The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges.
CVE Link
Exploit Type - Old
Exploits/Local
Exploit Platform
Product Name