Preferably a two-click exploit. One to view the message and one (if I decide it's safe) to process it through your buggy code.

A 0-click exploit is horrendously worse than even a 1-click one. I often don't even open messages from numbers I don't recognize