Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Exploit

The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2008-2830
Product Version: 
10.5
Released Date: 
Tuesday, November 16, 2010 - 00:00