There have been plenty of attacks targeting image and document viewers/editors over the years. It's a great vector, because recipients are more likely to open a document than run an executable.

Some of the very "best" vulnerabilities of all time have been attacks taking advantage of scripting features in Office.