[原文]The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
PuTTY Window Title Escape Character Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
Putty contains a flaw that may allow a malicious user to insert arbitrary commands and execute them. The issue is triggered when an attacker sends commands, preceded by terminal emulator escape sequences. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Upgrade to version 0.54 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.