2010-03-30 18:00:00
apple
PUBLISHED
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an applications save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.