Valhalla Legends Archive

Programming => General Programming => Topic started by: mynameistmp on May 06, 2005, 01:48 AM

Title: Predebug execution exploit. -Windows
Post by: mynameistmp on May 06, 2005, 01:48 AM
This Australian group released some technical notes on how to use programs being loaded by a debugger as an attack vector. Interesting.

Whitepaper:

http://www.security-assessment.com/Whitepapers/PreDebug.pdf

Example code:

http://www.packetstormsecurity.nl/0504-exploits/predebug1.c
http://www.packetstormsecurity.nl/0504-exploits/predebug2.c

Title: Re: Predebug execution exploit. -Windows
Post by: iago on May 07, 2005, 10:10 AM
I was reading about that at work yesterday. I was surprised at how simple it actually was, although apparently it's pretty platform-specific.

Skywing was telling me a long time ago that some disassemblers (like IDA) are vulnerable like that, because they actually load the file, but others (like W32Dasm) aren't because they don't actually load it, just read it.

I wonder if this has ever been done in the real world.