CVE-2019-11354
28Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 23%
from disclosure to weapon66 days
Published on NVDApr 19
1st PoC+66d
exploitation probability
23%top 2% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47021unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.phphttp://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.htmlhttp://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.htmlhttps://blog.underdogsecurity.com/rce_in_origin_client/https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.htmlhttps://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clienhttps://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-clienthttps://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/