An attacker manipulates one or more functions of an application in order to perform an attack. This is a broad class of attacks wherein the attacker is able to alter the intended result or purpose of the functionality and thereby affect application behavior or information integrity. Outcomes can range from vandalism and reduction in service to the execution of arbitrary code on the target machine.
All applications are potentially vulnerable to this class of attack as all applications have by nature, intended functionality.
Attacker requirements will vary depending on the nature of the functionality to be manipulated.