Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote malicious users to execute arbitrary code via the URL handler.
apple mac os x 10.4.11