Vulnerability Details CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.7%
CVSS Severity
CVSS v3 Score 7.0
References