Theoretically true, although it is inherently more difficult for a hacker to find an exploit in a widely distributed application then it is for them to run their own executable. For example, the PDF bug was found by Adobe's own internal security team. Did a hacker actually infect PDF files to...