Secunia reports that Adobe’s Acrobat Reader V4.x and V5.x allows publishers of PDF documents to execute arbitrary code as the result of a vulnerability on the XPDF specification. See http://www.secunia.com/advisories/9038/ for the description of the Reader exposure and http://www.secunia.com/advisories/9037/ for the XPDF description.
This hasn’t been confirmed on Windows or Mac, just on Linux (so far).