Local File Hijacking Vulnerability in PuTTY on Windows
CVE-2019-9896

7.8HIGH

Key Information:

Vendor

Putty

Status
Putty
Vendor
CVE Published:
21 March 2019

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2019-9896?

In PuTTY versions before 0.71 running on Windows, a vulnerability exists where local attackers can compromise the application by inserting a malicious help file in the same directory as the PuTTY executable. This flaw can lead to unauthorized access and manipulation of the application behavior, posing significant risks to users unaware of the compromised files.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

vuln-chm-hijack
Created by yasinyilmaz

References

https://www.chiark.greenend.org.uk/~sgtatham/putty/change...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-9896 : Local File Hijacking Vulnerability in PuTTY on Windows