CVE-2017-12939

high-risk

Published 2017-08-18

A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.

Do I need to act?

2.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (14)

Unity Editor

Affected Vendors

Unity3D

References (6)

Third Party Advisory http://www.securityfocus.com/bid/100444

https://twitter.com/0x09AL/status/898635999185711108

Patch https://unity3d.com/security#issues

Third Party Advisory http://www.securityfocus.com/bid/100444

https://twitter.com/0x09AL/status/898635999185711108

Patch https://unity3d.com/security#issues

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 6/34 · Minimal

Exposure 18/34 · Moderate