Array index error in the XFree86-Misc extension in X.Org Xserver before
1.4.1 allows context-dependent attackers to execute arbitrary code via a
PassMessage request containing a large array index.

kees