Main Vulnerability Database Vulnerabilities #VU23660

#VU23660 Incorrect default permissions in Origin Client - CVE-2019-19248

Published: December 18, 2019

Vulnerability identifier: #VU23660

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2019-19248

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Origin Client

Software vendor:
Electronic Arts

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions set for the “C:\ProgramData\Origin\local.xml” file. A local unprivileged user with access to the system can modify the file and execute arbitrary code on the system with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://www.ea.com/security/news/easec-2019-001-elevation-of-privilege-vulnerability-in-origin-client
https://enigma0x3.net/2019/12/10/cve-2019-19248-local-privilege-escalation-in-eas-origin-client/

#VU23660 Incorrect default permissions in Origin Client - CVE-2019-19248

Description

Remediation

External links

Please verify you're human