Today, “Zero-Day” vulnerabilities and other forms of code execution exploits remain a dangerous threat to computer users connected to the internet. Such undisclosed vulnerabilities are sold, or get published by self-styled “security researchers”, and can then be used to infect users by sending them a (link to a) specially crafted document that will be opened/rendered by the vulnerable client software.
In 2006 and in the first half of 2007, Microsoft's Office™ document formats have been the primary targets for vulnerability exploitation, followed by Microsoft's™ legacy graphics formats WMF, ANI and ICO. Exploits based on non-Microsoft™ formats, such as Apple QuickTime™, exist in the wild and are growing in prevalence.
Yet it is not possible to know about vulnerabilities in advance; they would not exist if this was possible.