This is a major security vulnerability with Apple's Mail.app in Leopard. The upshot is that attachments opened in Mail.app will execute arbitrary code without warning. (via)

The really shameful part of this bug is not that it resembles vulnerabilities in another major software vendor's email program (think: largest software company in the world). The real shame is that Apple fixed this problem in a previous version of Mac OS. Cupertino seems bent on delivering lots of fresh turkeys and eating heaps of prime crow.

Caw.