The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3216)