#VU31040 Data Handling in Origin Client
Vulnerability identifier: #VU31040
Vulnerability risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-19
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Origin Client
Client/Desktop applications /
Games
Vendor: Electronic Arts
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Origin Client: 10.5.2 - 10.5.38
External links
http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html
http://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/
http://www.youtube.com/watch?v=E9vCx9KsF3c
http://www.zerodayinitiative.com/advisories/ZDI-19-574/
http://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
