#VU108 DLL loading error in PuTTY - CVE-2016-6167
Published: July 8, 2016 / Updated: October 31, 2022
Vulnerability identifier: #VU108
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6167
CWE-ID:
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
PuTTY
PuTTY
Software vendor:
Simon Tatham
Simon Tatham
Description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to access control error in PuTTY. A local user can obtain elevated privileges on the target system.by placing a specially crafted DLL (named 'UxTheme.dll' or 'ntmarta.dll') in the same directory as the 'putty.exe'
Successful exploitation of this vulnerability may result in execution of arbitrary code via local system.
The vulnerability exists due to access control error in PuTTY. A local user can obtain elevated privileges on the target system.by placing a specially crafted DLL (named 'UxTheme.dll' or 'ntmarta.dll') in the same directory as the 'putty.exe'
Successful exploitation of this vulnerability may result in execution of arbitrary code via local system.
Remediation
Install update from vendor's website.