CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.