ID:6012 - Exploit for Code Injection in Origin Client - CVE-2019-11354

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:6012 - Exploit for Code Injection in Origin Client - CVE-2019-11354

ID:6012 - Exploit for Code Injection in Origin Client - CVE-2019-11354

Published: June 17, 2021


Vulnerability identifier: #VU35984
Vulnerability risk: High
CVE-ID: CVE-2019-11354
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
Origin Client

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.


Remediation

Install update from vendor's website.