Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-37250

Published: 20/08/2023 Updated: 25/08/2023
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 0
Subscribe to Parsec

Vulnerability Summary

Unity Parsec has a TOCTOU race condition that permits local malicious users to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions up to and including 8. Parsec Loader 9 is a fixed version.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

unity parsec

Github Repositories

https://github.com/ewilded/CVE-2023-37250

PoC

CVE-2023-37250 PoC Write up: atosnet/en/lp/securitydive/roaming-and-racing-to-get-system-cve-2023-37250

References

CWE-367https://www.kb.cert.org/vuls/id/287122https://unity3d.comhttps://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250https://nvd.nist.govhttps://github.com/ewilded/CVE-2023-37250https://www.kb.cert.org/vuls/id/287122
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook