[原文]Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
Apple Mac OS X LaunchServices Safe File Type Bypass
Remote / Network Access
Loss of Integrity
LaunchServices contains a flaw that may allow a malicious application to appear as a safe file type. It is possible that the flaw may allow malicious file to be executed automatically when visiting a malicious web site resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.