Public CVE-2009-1261 disclosure

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.