So far what i've send of the RCE i've seen so far has been a way of triggering pop-ups on the start screen - not to say its not more dangerous than that, but just thought i'd give some context.
Most RCE's aren't carte blanche to run arbitrary code on a users computer, but are some way of triggering a particular code path on a remote computer.
RCE by definition involves being able to run arbitrary code, for some reasonable definition of arbitrary. "Triggering a particular code path" doesn't get you anything: if you have a webpage you can trivially make your visitors' computers execute plenty of predictable code paths, like the one to render text to the screen or to send audio to the speakers.
Most RCE's aren't carte blanche to run arbitrary code on a users computer, but are some way of triggering a particular code path on a remote computer.