CVE-2019-12828
CVE-2019-12828
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47019unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.htmlhttps://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/https://www.youtube.com/watch?v=E9vCx9KsF3chttps://www.zerodayinitiative.com/advisories/ZDI-19-574/https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/