Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17420
http://lists.apple.com/archives/security-announce/2004/Sep/msg00001.html