CVE-2020-27708

Origin Client contains a privilege-escalation vulnerability that could allow a non-administrative user to obtain Administrator or System rights, enabling control of the system and actions reserved for high-privileged users. The CVE-2020-27708 entry is corroborated by multiple connected sources (N...

CVE-2019-12828

CVE-2019-12828 affects Electronic Arts Origin prior to 10.5.39. The issue arises from improper sanitization of origin:// and origin2:// URI schemes, allowing injection of additional arguments into the Origin process and enabling remote code execution by loading a backdoored Qt plugin via the plat...

CVE-2019-11354

The CVE-2019-11354 entry concerns the EA Origin Windows client (Origin 10.5.36 and potentially earlier) and a template-injection flaw in the Origin2 URI handler title parameter that can escape the AngularJS sandbox, enabling remote code execution via an origin2://game/launch URL used by QtApplica...

CVE-2019-19741

CVE-2019-19741 affects Electronic Arts Origin 10.5.55.33574. Local privilege escalation arises from arbitrary directory DACL manipulation via OriginClientService: Origin.exe connects to a named pipe, the privileged service validates the client’s executable (not its in-memory image), enabling DACL...

CVE-2019-19248

Technical details for CVE-2019-19248 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories to obtain affected products, impact, and fixes.

CVE-2019-19247

Concisely, CVE-2019-19247 affects Electronic Arts Origin 10.5.x and enables local privilege escalation via arbitrary directory DACL manipulation when OriginClientService is involved; the vulnerability relies on comparing the client executable vs. in-memory process, enabling manipulation of DACLs ...