DLL loading error in PuTTY - CVE-2016-6167
Published: July 8, 2016 / Updated: October 31, 2022
Vulnerability identifier: #VU108
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6167
CWE-ID:
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Simon Tatham
Affected software:
PuTTY
PuTTY
Detailed vulnerability description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to access control error in PuTTY. A local user can obtain elevated privileges on the target system.by placing a specially crafted DLL (named 'UxTheme.dll' or 'ntmarta.dll') in the same directory as the 'putty.exe'
Successful exploitation of this vulnerability may result in execution of arbitrary code via local system.
The vulnerability exists due to access control error in PuTTY. A local user can obtain elevated privileges on the target system.by placing a specially crafted DLL (named 'UxTheme.dll' or 'ntmarta.dll') in the same directory as the 'putty.exe'
Successful exploitation of this vulnerability may result in execution of arbitrary code via local system.
How to mitigate CVE-2016-6167
Install update from vendor's website.