Executive Summary

Information
Name : CVE-2019-11354
Vendor : Cve
First vendor Publication : 2019-04-19
Last vendor Modification : 2019-06-24

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11354

CWE : Common Weakness Enumeration

%      Id      Name
100 %  CWE-94  Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type         Description  Count
Application               1

Sources (Detail)

Source  Url
MISC http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potenti...
http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html
http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remo...
https://blog.underdogsecurity.com/rce_in_origin_client/
https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604
https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/
https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-l...
https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-...
https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-...
https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/
https://www.trustedreviews.com/news/time-update-origin-eas-game-client-securi...
https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-f...

Alert History

Date  Information
2019-07-02 00:19:22
  • Multiple Updates
2019-06-25 05:19:34
  • Multiple Updates
2019-04-23 00:19:25
  • Multiple Updates
2019-04-20 05:19:38
  • First insertion