Unfortunately, this is one of those root exploits that's so simple, you don't even need a canned 'sploit to hit. This is one you can write off the top of your head. Ouch!
Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not.
This does, however, require physical access to the box. I've found that you can generally crack anything you have physical access to.