Vulnerability Details : CVE-2019-11354
Potential exploit
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.
Vulnerability category: Execute code
Products affected by CVE-2019-11354
- cpe:2.3:a:ea:origin:10.5.36:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11354
50.83%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11354
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2019-11354
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11354
-
https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client
Major security flaw found in EA Origin gaming client | TechRadarPress/Media Coverage;Third Party Advisory
-
https://blog.underdogsecurity.com/rce_in_origin_client/
Site not found · GitHub PagesBroken Link
-
http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html
dotProject 2.1.9 SQL Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/
Sims 4, Battlefield and Fifa players' computers could be taken over by hackersPress/Media Coverage;Third Party Advisory
-
http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.html
EA Origin Template Injection Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942
It's time to update Origin, as EA's game client is a security riskThird Party Advisory
-
https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien
Security Flaw Allowed Any App to Run Using EA's Origin ClientPress/Media Coverage;Third Party Advisory
-
https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604
EA Origin Users, Update Your Client NowExploit;Third Party Advisory
-
https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/
Security flaw in EA’s Origin client exposed gamers to hackers | TechCrunchExploit;Third Party Advisory
-
https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.html
Sicherheitslücke: EA Origin führte Schadcode per Link aus - Golem.dePress/Media Coverage;Third Party Advisory
-
https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/
Origin update fixes major vulnerability - VG247Third Party Advisory
-
http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php
Gamasutra - A now-fixed Origin vulnerability potentially opened the client to hackersThird Party Advisory
Jump to