vendor:
Unity 3D Web Player
by:
Luigi Auriemma
7,5
CVSS
HIGH
Heap Corruption
125
CWE
Product Name: Unity 3D Web Player
Affected Version From: <= 3.2.0.61061
Affected Version To: <= 3.2.0.61061
Patch Exists: NO
Related CWE: N/A
CPE: a:unity_technologies:unity_web_player
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012
Heap Corruption in Unity 3D Web Player
Heap corruption caused by a negative 32bit size value which allows to execute malicious code. The provided proof-of-concept is not optimized but should show a write4 and, (tested on Firefox) EIP pointing to an invalid memory zone.
Mitigation:
No fix.
