CVE-2017-12939
critical
CVSS v3
9.8
CVSS v2
7.5
VIR risk
9.8
Description
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://unity3d.com/security#issues
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| unity3d | unity_editor | 5.3.8 | |
| unity3d | unity_editor | 5.4.0 | |
| unity3d | unity_editor | 5.4.1 | |
| unity3d | unity_editor | 5.4.2 | |
| unity3d | unity_editor | 5.4.3 | |
| unity3d | unity_editor | 5.4.4 | |
| unity3d | unity_editor | 5.5.0 | |
| unity3d | unity_editor | 5.5.1 | |
| unity3d | unity_editor | 5.5.2 | |
| unity3d | unity_editor | 5.5.3 | |
| unity3d | unity_editor | 5.6.0 | |
| unity3d | unity_editor | 5.6.1 | |
| unity3d | unity_editor | 5.6.2 | |
| unity3d | unity_editor | 2017.1.0 | |
References
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.