@WT + Paul
The ARD *client* is installed on all Macs. You can enable it in the Sharing Preference panel. But that usually doesn't do any good if you don't have a copy of the management tool (which is the $300 software mentioned).
Ironically, *enabling* ARD actually kills this vulnerability. You can also just do a "sudo chmod -R 000 /System/Library/CoreServices/RemoteManagement/ARDAgent.app " to disable it (this might be undone by Disk Utility if you run a permissions repair, didn't check).