Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/14214
http://www.securitytracker.com/id?1008702