Main Vulnerability Database Vulnerabilities #VU31040

#VU31040 Data Handling in Origin Client - CVE-2019-12828

Published: June 14, 2019 / Updated: June 17, 2021

Vulnerability identifier: #VU31040

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2019-12828

CWE-ID: CWE-19

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Origin Client

Software vendor:
Electronic Arts

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.

Remediation

Install update from vendor's website.

#VU31040 Data Handling in Origin Client - CVE-2019-12828

Description

Remediation

External links

Please verify you're human