[原文]Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme.
Apple Mac OS X Internet Location Spoofing Arbitrary Code Execution
Remote / Network Access
Loss of Integrity
Mac OS X contains a flaw that may allow a malicious user to spoof the true nature of an Internet Location item. The issue is triggered when an Internet Location file contains a different type of URL than the Internet Location type. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Install Apple Security Update 2006-003, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.