Published: 14/06/2019 Updated: 24/06/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in Electronic Arts Origin prior to 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ea origin

# Exploit Title: EA Origin <10538 Remote Code Execution # Date: 05/22/2019 # Exploit Author: Dominik Penner (@zer0pwn) # Vendor Homepage: wwworigincom # Software Link: wwworigincom/can/en-us/store/download # Version: 10538 and below # Tested on: Windows 7, Windows 8, Windows 10 # CVE : CVE-2019-12828 Electronic Arts' Ori ...

EA Origin versions prior to 10538 suffer from a remote code execution vulnerability ...

CWE-19 https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/https://www.youtube.com/watch?v=E9vCx9KsF3c https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html https://www.zerodayinitiative.com/advisories/ZDI-19-574/https://nvd.nist.gov https://www.exploit-db.com/exploits/47019

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-12828

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect