Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user’s system and potentially to compromise a vulnerable system.
The vulnerability is confirmed in version 4.0.3. Prior versions may also be affected.
Update to version 4.0.4.
By default WinSCP installs URL protocol handlers for the scp:// and sftp:// protocols. These could be used by malicious web content to automatically upload any file from the local system to a remote server, or automatically download files from a remote server to the local system. 
Update your copy of WinSCP to v4.0.4
 WinSCP Protocol Handler Command Line Switch Injection (2006-Sep-14) [Secunia]
 Recent Version History | 4.0.4 [WinSCP.net]
 WinSCP URL Protocol Handler Flaw (2006-Sep-16) [SecuriTeam]