If a program allows an unrestricted buffer, it may be susceptible to this attack.
Basically they overload a part of memory that may push their malware into an elevated permission region.