CVE-2016-6167 — Untrusted Search Path in Putty

CWE-426 — Untrusted Search Path3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 69.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Putty Debian Putty

Timeline

PublishedJan 30

Latest updateMay 3

Description

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDputty/putty0.67

▶debiandebian/putty

🔴Vulnerability Details

GHSA

GHSA-7x75-r7f7-mqrx: Multiple untrusted search path vulnerabilities in Putty beta 0↗2022-05-03

▶

📋Vendor Advisories

Debian

CVE-2016-6167: putty - Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local us...↗2016

▶