Interesting that Windows is impacted, but on Windows you can simply drop a dx9 dll or sameNameAsExecutable.dll to "inject" code. Commonly used by modders for Unity and other games. From that perspective, I don't see how this is novel or so highly rated, again on Windows specifically.
The URI handler is a separate vector that is more concerning.
Which is why since Windows 11 version 24H2, Windows started getting some additional sandboxing capabilities in Win32, similar to how UWP works.
https://learn.microsoft.com/en-us/windows/security/applicati...
Currently it is still opt-in, but who knows when they decide to go Apple style with Gatekeeper.
How hard is it for a remote attacker to replace a DLL on your Windows system? And how hard for the remote attacker to gain access via this exploit through Unity?
With physical access, anything goes - like when you replace DLLs on your own system for modding … or changing permissions to gain access to files … or any number of “unauthorized” activities because you are physically located at the machine.