Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
It's been suggested that window-title reports might be a bad idea, since they allow anyone who can generate arbitrary output to a terminal to cause almost-arbitrary input from it. The various other terminal reports supported by PuTTY are less of a problem because their formats are rather more constrained.
PuTTY should probably make window-title reporting support optional and have it default to off.
This vulnerability corresponds to CVE-2003-0069.
SGT, 2003-04-12: Just fixed this.