Mirrors | Updates | Feedback | Changes | Wishlist | Team
It's been suggested that window-title reports might be a bad idea, since they allow anyone who can generate arbitrary output to a terminal to cause almost-arbitrary input from it. The various other terminal reports supported by PuTTY are less of a problem because their formats are rather more constrained.
PuTTY should probably make window-title reporting support optional and have it default to off.
This vulnerability corresponds to CVE-2003-0069 .
SGT, 2003-04-12: Just fixed this.
Audit trail for this vulnerability.