When talking of network security, many people think of server applications. They are particularly exposed because they run all the time, quite often with super user privilege. In addition, the black hat community is now routinely developing mass scanning tools that probe vast network ranges for the presence of vulnerable network services, and uses them in automated intrusion tools.
However, it would be careless to neglect client applications when talking about network services. With more and more people spending time online, I believe we will be seeing more attacks that involve network client applications such as web browsers or mail readers.
In fact, this is already happening today: In 1997, we witnessed the so-called ``Loveletter'' worm, a Visual Basic Script program that replicated by sending itself as an email to other users. In 2001, we had worms like CodeRed and Nimda exploiting well-known weaknesses in Microsoft´s IIS. Internet viruses such as these have demonstrated the scale of the problem quite drastically. Today, they are basically digital vandalism - but the same mechanisms that allow the virus to propagate itself can be used to compromise the account of a user.
Yet another attack vector is presented by network applications based on broadcast or multicast mechanisms. For instance, Usenet news is transported by a network of thousands of sites. Individual messages (called articles) are posted to one or more newsgroups, and are broadcast to all participating sites that want to receive news in one or more of the groups it has been posted to. Since most Usenet sites are running recent versions of the same software, INN, a bug in this software can make infecting these thousands of machines a matter of injecting a single article into Usenet. Note that this is not idle theory! Older versions of INN had a bug in the handling of certain messages that could be used to run arbitrary shell commands with the privilege of the news user.
Similar threat scenarios apply to IP multicast tools used on the multicast backbone MBone. Earlier versions of sdr, the widely used MBone session directory tool, had a bug through which an attacker could embed arbitrary TCL commands in a network packet. By sending a single UDP packet to all sites connected to the MBone, an attacker could get access to the accounts of all users running the sdr tool at that moment!