[adam_fallon_]

So far what i've send of the RCE i've seen so far has been a way of triggering pop-ups on the start screen - not to say its not more dangerous than that, but just thought i'd give some context.

Most RCE's aren't carte blanche to run arbitrary code on a users computer, but are some way of triggering a particular code path on a remote computer.

[dmurray]

RCE by definition involves being able to run arbitrary code, for some reasonable definition of arbitrary. "Triggering a particular code path" doesn't get you anything: if you have a webpage you can trivially make your visitors' computers execute plenty of predictable code paths, like the one to render text to the screen or to send audio to the speakers.