The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18011
http://www.securityfocus.com/bid/11640