Our version of the X11R4 xterm was certainly willing to create files in protected directories; I didn't try overwriting files via either of the two techniques I've seen. I would assume that the R4 xterm is vulnerable until proven otherwise. - cks