CVE-2017-12939
CRITICALUnity Editor < 5.3.8p2, 5.4.x < 5.4.5p5, 5.5.x < 5.5.4p3, 5.6.x < 5.6.3p1, 2017.x < 2017.1.0p4 - Remote Code Execution
Title source: llmDescription
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100444
Patch, Vendor Advisory x_refsource_confirm
https://unity3d.com/security#issues
Various Sources x_refsource_misc
https://twitter.com/0x09AL/status/898635999185711108
Scores
CVSS v3
9.8
EPSS
0.0473
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (14)
unity3d/unity_editor
5.3.8
unity3d/unity_editor
5.4.0
unity3d/unity_editor
5.4.1
unity3d/unity_editor
5.4.2
unity3d/unity_editor
5.4.3
unity3d/unity_editor
5.4.4
unity3d/unity_editor
5.5.0
unity3d/unity_editor
5.5.1
unity3d/unity_editor
5.5.2
unity3d/unity_editor
5.5.3
... and 4 more
Published
Aug 18, 2017
Tracked Since
Feb 18, 2026