Basically, regardless of VMs etc, parsing any kind of binary data is inherently dangerous. Old binary formats were bespoke, there weren't always standard libraries to read the headers etc, so everyone wrote their own, with their own bugs. A common attack vector was simply using invalid lengths on header fields, causing a stack or buffer overflow to fool the host into executing the binary data as code.
That's one of the reasons these days there's a tendency to use text-based representations like JSON, but of course anything size-sensitive such as images and movies is still generally binary.
That's one of the reasons these days there's a tendency to use text-based representations like JSON, but of course anything size-sensitive such as images and movies is still generally binary.