Security vulnerability in the VNC client Vinagre

According to Core Security, the VNC client Vinagre, which is used in GNOME, has a security vulnerability that allows code to be executed in the context of the user.

Core Security: 

Vinagre [1] is a VNC client for the GNOME Desktop. A format string error has been found on the vinagre_utils_show_error() function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name.

In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user.

More information (in English): http://www.coresecurity.com/content/vinagre-format-string
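The bug class the advisory describes, a server-supplied name reaching an error helper as the format string, is shown here as an added example. It is not Vinagre's source code: the helper names `show_error_unsafe`, `show_error_safe` and `count_conversions` are hypothetical, and the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for an error helper; NOT Vinagre's code. */

/* BEFORE: the untrusted server name is used as the format string. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int show_error_unsafe(char *out, size_t n, const char *server_name)
{
    return snprintf(out, n, server_name);   /* name is interpreted */
}
#pragma GCC diagnostic pop

/* AFTER: constant format string; the name is only ever an argument. */
static int show_error_safe(char *out, size_t n, const char *server_name)
{
    return snprintf(out, n, "%s", server_name);
}

/* Count conversion specifiers in untrusted text so a client can log or
 * reject suspicious names. "%%" is a literal percent and is not counted. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *benign = "desk 100%% ok";   /* constructed sample */
    const char *hostile = "host-%x-%n";     /* constructed sample */

    show_error_unsafe(buf, sizeof buf, benign);  /* "%%" collapses to "%" */
    printf("unsafe: %s\n", buf);
    show_error_safe(buf, sizeof buf, hostile);   /* printed verbatim */
    printf("safe:   %s (%d specifiers)\n", buf, count_conversions(hostile));
    return 0;
}
```

The unsafe helper is only called with a name containing `%%`, which consumes no arguments, so the demonstration shows the name being interpreted without invoking undefined behaviour.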