Local File Hijacking Vulnerability in PuTTY on Windows
CVE-2019-9896

7.8HIGH

Key Information:

Vendor

Putty

Status
Putty
Vendor
CVE Published:
21 March 2019

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2019-9896?

In PuTTY versions before 0.71 running on Windows, a vulnerability exists where local attackers can compromise the application by inserting a malicious help file in the same directory as the PuTTY executable. This flaw can lead to unauthorized access and manipulation of the application behavior, posing significant risks to users unaware of the compromised files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

vuln-chm-hijack
Created by yasinyilmaz

References

https://www.chiark.greenend.org.uk/~sgtatham/putty/change...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.