A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unity3d | unity_editor | 5.4.3 |
| unity3d | unity_editor | 5.5.2 |
| unity3d | unity_editor | 2017.1.0 |
| unity3d | unity_editor | 5.4.4 |
| unity3d | unity_editor | 5.6.0 |
| unity3d | unity_editor | 5.5.1 |
| unity3d | unity_editor | 5.6.1 |
| unity3d | unity_editor | 5.3.8 |
| unity3d | unity_editor | 5.5.0 |
| unity3d | unity_editor | 5.4.0 |
| unity3d | unity_editor | 5.4.1 |
| unity3d | unity_editor | 5.4.2 |
| unity3d | unity_editor | 5.6.2 |
| unity3d | unity_editor | 5.5.3 |
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unity3d | unity_editor | * |