Launchpad.net

CVE 2016-7838

Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.

See the CVE page on Mitre.org for more details.