Suppose malware lands and executes on a computer. Could this malware attempt to spread further by writing itself to data files (images, pdfs, docs) and hoping that the owner would transfer or upload these files somewhere. Like adding payload to images and targeting some memory vulnerability in a common image viewer. Or would it be highly sophisticated and unlikely?
Are there any examples of such spreading mechanisms in the wild? How likely that scenario would be? In my understanding to exploit some buffer overflow vulnerability, an evil file would need to be crafted manually. It would be a mechanism for a targeted attack and not a mass spreading one, right?