Vulnerabilities and exploits aside, most security attacks become successful because of the supposed weakest link in the system: The human users (Yes, that’s us).
Because of the social engineering, a worm variant masquerading as a harmless attachment to an email is most likely to be opened and executed not because it does so on its own but rather it tricks the user into doing so. Gullibility then becomes the key to security breaches.
So don’t be gullible. Read more about social engineering here.