PT-2017-8921 · Simon Tatham · Putty
Published
2017-01-30
·
Updated
2022-05-01
·
CVE-2016-6167
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Putty beta version 0.67
Description
The issue allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.
Recommendations
For Putty beta version 0.67, consider removing or restricting access to the UxTheme.dll and ntmarta.dll files in the current working directory to minimize the risk of exploitation.
Exploit
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Putty