The host is installed with PuTTY before 0.67 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the SCP command-line utility, which fails to handle a crafted SCP-SINK file-size response to an SCP download request. Successful exploitation allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code.