The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/35584
http://www.securityfocus.com/bid/25052
http://security.gentoo.org/glsa/glsa-200707-08.xml
http://secunia.com/advisories/26208