Adobe Acrobat 6.0.2 and prior contain a buffer overflow vulnerability in the RTLHeapFree() function of the pdf.ocx ActiveX component. A remote attacker can exploit the vulnerability to execute arbitrary code with the permissions of the user.
The attacker can craft a malicious link containing a null byte followed by a long string. Web servers that truncate the link at the null byte then pass the long string on to the vulnerable buffer.
The malicious link can be placed within an image tag or an IFRAME to exploit the vulnerability without requiring the user to click on a link.
Exploit code is available.
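A defender-side check for the delivery pattern described above, written as an added example for this page (it is not Adobe's code and not part of the original advisory): it percent-decodes a URL, looks for a null byte, measures how much data follows it, and applies the same check to the `src` attribute of `<img>` and `<iframe>` tags, the no-click vectors the advisory names. The length threshold, the domain `example.test` and the sample HTML are constructed assumptions, not values from the advisory.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption for this example: a tail after the null byte at least this long is
# treated as an oversized payload rather than an ordinary path component.
SUSPICIOUS_TAIL_LEN = 256

# src attributes of <img>/<iframe> tags, the delivery vectors named in the advisory.
_SRC_RE = re.compile(
    rb'<(?:img|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE
)


def inspect_url(url: str):
    """Return (flagged, tail_length) for one URL.

    Percent-decoding is applied once so that %00 becomes a real NUL byte; the
    tail is everything after the first NUL, which is the part a truncating
    server would hand on to the vulnerable buffer.
    """
    raw = unquote_to_bytes(url)
    nul = raw.find(b"\x00")
    if nul == -1:
        return False, 0
    tail_len = len(raw) - nul - 1
    return tail_len >= SUSPICIOUS_TAIL_LEN, tail_len


def scan_html(html: bytes):
    """Return [(src_prefix, tail_length)] for every <img>/<iframe> src that
    carries a NUL byte followed by an oversized tail."""
    hits = []
    for match in _SRC_RE.finditer(html):
        src = match.group(1).decode("latin-1")
        flagged, tail_len = inspect_url(src)
        if flagged:
            hits.append((src[:40], tail_len))
    return hits


# Constructed sample page: one benign image reference and one iframe whose
# src contains %00 followed by a long filler string (placeholder domain).
SAMPLE_HTML = (
    b'<html><body>'
    b'<img src="http://example.test/report.pdf">'
    b'<iframe src="http://example.test/x.pdf%00' + b"A" * 600 + b'"></iframe>'
    b'</body></html>'
)

if __name__ == "__main__":
    for src, tail_len in scan_html(SAMPLE_HTML):
        print(f"suspicious src {src!r}: {tail_len} bytes after NUL")
```

The check decodes only one layer of percent-encoding; a proxy or log pipeline that decodes URLs before this step should feed it the already-decoded form.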