CVE-2019-9197

Published: Dec 31, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.

Affected (6)

Products: Unity3d: Unity Editor

1 product

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unity3d Unity Editor	From 2017.4.22 to 2017.4.22f1
Unity3d Unity Editor	From 2018.2.21 to 2018.2.21f1
Unity3d Unity Editor	From 2018.3.7 to 2018.3.7f1
Unity3d Unity Editor	From 2019.1.0 to 2019.1.0b5
Unity3d Unity Editor	From 2019.2.0 to 2019.2.0a7
Unity3d Unity Editor	From 5.6.0 to 5.6.7f1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://unity3d.com/security#CVE-2019-9197

Source: cve@mitre.org

MitigationPatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-19-252/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://unity3d.com/security#CVE-2019-9197

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-19-252/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.