Buffer overruns are fun. We had to "hack" a few "bombs" and other programs in classes at the university. It's not really that complicated if you know where the vulnerability is. It requires a little assembler knowledge but you don't need to be a guru to do it.
That's probably what makes it so dangerous. That and the fact that everybody in the windows world uses the exact same programs so a small vulnerability affects a massive amount of users.
This is one of the assignments we had to do. It was actually a lot of fun, even though the "bomb" makes it easy as it uses a normalized stack. Only the last part of the assignment uses a random stack.