In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security.
The term was derived from the corresponding notion of vector in biology.
For instance, malicious code (code that the user did not consent to being run and that performs actions the user would not consent to) often operates by being added to a harmless seeming document made available to an end user.
When the unsuspecting end user opens the document, the malicious code in question (known as the payload) is executed and performs the abusive tasks it was programmed to execute, which may include things such as spreading itself further, opening up unauthorized access to the IT system, stealing or encrypting the user's documents, etc.
[1] Some common attack vectors: This malware-related article is a stub.