Описание
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.
Ссылки
- Third Party Advisory
- Product
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
- Product
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 9.0 (исключая)
cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
7 High
CVSS3
Дефекты
CWE-367
Связанные уязвимости
CVSS3: 7
github
больше 2 лет назад
Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs.
EPSS
Процентиль: 30%
0.00111
Низкий
7 High
CVSS3
Дефекты
CWE-367