msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").Referenceshttp://www.osvdb.org/11193http://www.securityfocus.com/bid/11560http://secunia.com/advisories/13021/http://secunia.com/advisories/13022/https://exchange.xforce.ibmcloud.com/vulnerabilities/16335http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525http://www.debian.org/security/2004/dsa-575
