An Arbitrary code execution attacks commonly exploits application vulnerabilities. Vulnerabilities like buffer overflows or unchecked variables appear as a result of poor coding practices during application development. With these vulnerabilities attacker finds a way to execute the code on target machine.
Most commonly the arbitrary code execution attack may lead to denial of service and privilege escalation. However the purpose of attack will depend on the actual code executed by the attacker.
Few protection mechanisms from such attacks are input validation, buffer protection, properly secured user accounts, and properly configured firewall.