WinSCPのプロトコルハンドラ（うわさのｗ）で、特殊に細工されたURIでファイルの任意のファイルがダウンロードが可能

The vulnerability is caused due to an error within the handling of the "scp://" and "sftp://" protocol handlers. This can be exploited to insert additional command line switches, potentially to cause WinSCP to append log entries to arbitrary files on the user's system, or to download files onto the user's system via a specially crafted URL.