CVE-2019-11354 — HIGH (7.8)

Vulnerability Description

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ea	Origin	10.5.36

Related Weaknesses (CWE)

CWE-74

References

http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentiallThird Party Advisory
http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.htmlExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-ExploitThird Party AdvisoryVDB Entry
https://blog.underdogsecurity.com/rce_in_origin_client/Broken Link
https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604ExploitThird Party Advisory
https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/ExploitThird Party Advisory
https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-linkPress/Media CoverageThird Party Advisory
https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-easPress/Media CoverageThird Party Advisory
https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-cliPress/Media CoverageThird Party Advisory
https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/Press/Media CoverageThird Party Advisory
https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-Third Party Advisory
https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixeThird Party Advisory
http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentiallThird Party Advisory
http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.htmlExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2019-11354?

CVE-2019-11354 is a vulnerability with a CVSS score of 7.8 (HIGH). The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox an...

How severe is CVE-2019-11354?

CVE-2019-11354 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11354?

Check the references section above for vendor advisories and patch information. Affected products include: Ea Origin.