18 matches found
CVE-2019-11354
The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...
CVE-2019-12828
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via t...
EUVD-2019-8874
Malware in sbrugna...
EUVD-2019-8873
Malware in sbrugna...
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
CVE-2019-19247
Electronic Arts Origin through 10.5.x allows Elevation of Privilege issue 1 of 2...
CVE-2019-19248
Electronic Arts Origin through 10.5.x allows Elevation of Privilege issue 2 of 2...
Electronic Arts Origin elevation of privilege vulnerability (CNVD-2020-13143)
Electronic Arts Origin is a game management platform from Electronic Arts. The platform includes features such as electronic software distribution, digital rights management, and a social networking system. A security vulnerability exists in Electronic Arts Origin version 10.5.55.33574. The...
Design/Logic Flaw
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
Electronic Arts Origin elevation of privilege vulnerability (CNVD-2020-04279)
Electronic Arts Origin is a game management platform from Electronic Arts. The platform includes features such as electronic software distribution, digital rights management, and a social networking system. A security vulnerability exists in Electronic Arts Origin 10.5.x and prior versions. An...
Electronic Arts Origin Elevation of Privilege Vulnerability
Origin is a digital distribution platform for buying and playing video games from Electronic Arts in the United States. An elevation of privilege vulnerability exists in Electronic Arts Origin 10.5.x and earlier versions, which can be exploited by attackers to elevate privileges...
CVE-2019-19247
Electronic Arts Origin through 10.5.x allows Elevation of Privilege issue 1 of 2...
CVE-2019-19248
Electronic Arts Origin through 10.5.x allows Elevation of Privilege issue 2 of 2...
Privilege escalation
Electronic Arts Origin through 10.5.x allows Elevation of Privilege issue 1 of 2...
EA Origin < 10.5.38 - Remote Code Execution Vulnerability
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
CVE-2019-11354
The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...
Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service DoS attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department DoJ press release, Austin Thompson , a.k.a. "DerpTroll,"...
Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities
The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag full for the 'Everyone' and 'Users' group, for the...