[原文]LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.
Apple Safari LaunchServices Long Extension Safe File Open Bypass
Remote / Network Access
Loss of Integrity
Mac OS X contains a flaw that may allow a malicious user to cause Safari to automatically open unsafe content. The issue is triggered when long file name extensions are used to prevent Download Validation from correctly determining the file type. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Install Apple Security Update 2006-003, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.