From The Register: Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware
Browsers run scripts by default, then clicking a malicious link …
Another big problem is application permissions: for example, once a secure application is running, scripts can be executed, DLLs loaded, and EXE files downloaded in the background (such as images, text files, cookie …)
Scripts can execute commands like “file:///” directly through the browser >:-D