Software operating in a MAC OS environment, where .DS_Store is
in effect, must carefully manage hard links, otherwise an attacker may be able
to leverage a hard link from .DS_Store to overwrite arbitrary files and gain
privileges.
The Finder in Mac OS X and earlier allows local
users to overwrite arbitrary files and gain privileges by creating a hard
link from the .DS Store file to an arbitrary
file.
This entry, which originated from PLOVER, probably stems from a common
manipulation that is used to exploit symlink and hard link following
weaknesses, like /etc/passwd is often used for UNIX-based exploits. As such,
it is probably too low-level for inclusion in CWE.