Memory and logic bugs in the program (and everything the program relies on, like shared libraries, OS, etc) opens up holes for exploits. When we feed crafted inputs into a vulnerable program such that it behaves in a way that the original developers did not expect, we could say that we turned the program into a weird machine that interprets/runs our crafted input as its own program.
To build “programs” that run on this weird machine, we look for vulnerabilities in the original program, like the abuse of printf
format string to write bytes to a custom offset. Such vulnerabilities become the building blocks—primitives—of our program, “weird instructions” as the Bratus put it. We use these primitives to build our payload and freely explore the newly exploding and unintended state space of the vulnerable program.