CVE-2017-12939

CRITICAL

Unity Editor < 5.3.8p2, 5.4.x < 5.4.5p5, 5.5.x < 5.5.4p3, 5.6.x < 5.6.3p1, 2017.x < 2017.1.0p4 - Remote Code Execution

Title source: llm
STIX 2.1

Description

A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100444
Patch, Vendor Advisory x_refsource_confirm
https://unity3d.com/security#issues
Various Sources x_refsource_misc
https://twitter.com/0x09AL/status/898635999185711108

Scores

CVSS v3 9.8
EPSS 0.0473
EPSS Percentile 90.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (14)
unity3d/unity_editor 5.3.8
unity3d/unity_editor 5.4.0
unity3d/unity_editor 5.4.1
unity3d/unity_editor 5.4.2
unity3d/unity_editor 5.4.3
unity3d/unity_editor 5.4.4
unity3d/unity_editor 5.5.0
unity3d/unity_editor 5.5.1
unity3d/unity_editor 5.5.2
unity3d/unity_editor 5.5.3
... and 4 more
Published Aug 18, 2017
Tracked Since Feb 18, 2026