feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5940)