PatchSiren cyber security CVE debrief
CVE-2016-6167 PuTTY CVE debrief
CVE-2016-6167 describes an untrusted search path issue in PuTTY beta 0.67. According to the NVD record, a local attacker can abuse a Trojan horse UxTheme.dll or ntmarta.dll placed in the current working directory to trigger DLL hijacking and arbitrary code execution. The issue is rated High (CVSS 7.8) and maps to CWE-426.
- Vendor: PuTTY
- Product: CVE-2016-6167
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-30
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-30
- Advisory updated: 2026-05-13
Who should care
Administrators and users running PuTTY beta 0.67, especially in environments where attackers can write to or influence the current working directory used when PuTTY starts.
Technical summary
NVD classifies this issue as CWE-426 (Untrusted Search Path). The affected CPE is PuTTY beta 0.67. The vulnerability exists because the application may load UxTheme.dll or ntmarta.dll from the current working directory, allowing a local attacker to substitute a malicious DLL and affect code execution when the program is launched. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Defensive priority
High for any environment that still uses PuTTY beta 0.67. The exposure is specific to that vulnerable beta build, but the impact can include code execution, so remediation should be prioritized if the product is present.
Recommended defensive actions
- Inventory systems for PuTTY beta 0.67 and remove or replace it.
- Upgrade to a supported, non-vulnerable PuTTY release from official distribution channels.
- Avoid launching the application from untrusted or user-writable directories.
- Restrict write access to directories from which administrative tools are started.
- Use software allowlisting or application control to block unexpected DLLs in launch paths.
- Inspect for unexpected UxTheme.dll or ntmarta.dll files near the PuTTY executable on exposed systems.
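One way to run the last check across a set of directories, as an added example (not code from the NVD record or the PuTTY project). It assumes the executable keeps the name putty.exe and that the caller passes the Windows system directory in the hypothetical skip_dirs parameter, since the genuine copies of these DLLs live there.

```python
import hashlib
import os
import sys

# DLL names from the CVE-2016-6167 description, compared case-insensitively
SUSPECT_DLLS = {"uxtheme.dll", "ntmarta.dll"}
PUTTY_EXE = "putty.exe"  # assumption: default executable name


def sha256_of(path):
    """Hash a file in chunks so a finding can be compared with a known-good copy."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _norm(path):
    return os.path.normcase(os.path.abspath(path))


def find_suspect_dlls(roots, skip_dirs=()):
    """Return one finding per suspect DLL found under roots.

    skip_dirs lists directories whose copies are expected (for example
    the Windows system directory) and must not be reported.
    """
    skip = {_norm(d) for d in skip_dirs}
    findings = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            # Prune skipped trees in place so os.walk does not descend into them
            dirnames[:] = [d for d in dirnames
                           if _norm(os.path.join(dirpath, d)) not in skip]
            lower = {name.lower() for name in filenames}
            for name in filenames:
                if name.lower() in SUSPECT_DLLS:
                    path = os.path.join(dirpath, name)
                    findings.append({
                        "path": path,
                        # A copy beside putty.exe is the highest-priority case
                        "beside_putty": PUTTY_EXE in lower,
                        "sha256": sha256_of(path),
                    })
    return findings


if __name__ == "__main__":
    for f in find_suspect_dlls(sys.argv[1:] or ["."]):
        flag = "HIGH" if f["beside_putty"] else "review"
        print(f"{flag}\t{f['path']}\t{f['sha256']}")
```

Run it over download folders, user profiles and tool shares; any hit outside the system directory deserves a hash comparison against a known-good copy of the same Windows build.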
Evidence notes
The supplied NVD metadata identifies PuTTY beta 0.67 as vulnerable and provides CVSS 3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with CWE-426. The record cites third-party references, including a Packet Storm advisory tagged as an exploit reference, and two additional third-party advisories that NVD marks as broken links. The CVE record was published on 2017-01-30 and later modified on 2026-05-13; those timestamps are source metadata, not the original issue date.
Official resources
- CVE-2016-6167 CVE record (CVE.org)
- CVE-2016-6167 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Broken Link, Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Broken Link, Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Exploit, Third Party Advisory, VDB Entry
NVD published this CVE record on 2017-01-30 and last modified it on 2026-05-13. The supplied source item uses the same published and modified timestamps.