Is it possible for a hacker to upload a file to your pc, via an open port and execute it without the computer user actually knowing?

I've been told it's possible but it seems quite an easy way to get about hacking and installing a trojan ect.

Cheers for any help,

Robert Davison