winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/48320
http://www.securityfocus.com/bid/33474
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html