An XSS issue in adobe acrobat allows you to xss a user against any website hosting a PDF file.

UPDATE:
Download Acrobat 8 it address this issue to protect yourself. If you host PDF files on a site it has been suggested that you associate the PDF mimetype on your web server to something unknown. Browsers typically handle non default mime types by prompting the user to download it rather then executing it in the browser.

Challenge Link: http://www.webappsec.org/lists/websecurity/archive/2007-01/msg00015.html