Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.
http://openwall.com/lists/oss-security/2009/01/12/3
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html