Published: 02/11/2020 Updated: 21/07/2021

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ea origin

EA Games' Origin client contained privilege escalation vuln that anyone with user-grade access could exploit

The Register • Gareth Corfield • 10 Nov 2020

Fancy getting system privs? Swap out a DLL and you're in

A British infosec outfit spotted a privilege escalation vulnerability in EA Games’ Origin client after discovering the software was hunting for an absent DLL file when users opened it. Nettitude found the priv-esc after researcher Tom Wilson fired up Origin and ran Process Monitor (Procmon) over it to see what Origin was calling when it ran. As Nettitude's Rob Bone told The Register: “The crux is Origin itself tries to load a binary from a path that doesn’t exist. It’s most likely that i...

CVE-2020-27708

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect