NOTICE

Some features on this website won't work without JavaScript such as theme toggle, search bar, and copy article.

EA Origin Remote Command Execution

HIGH CVE-2019-11354 April 19, 2019

Dominik Penner @zer0pwn

DESCRIPTION

A critical vulnerability in EA Origin allows remote command execution through the origin:// protocol handler.

DETAILS

EA Origin contains a critical vulnerability in its URL protocol handler that allows remote command execution. An attacker could craft a malicious origin:// URL that, when clicked, would execute arbitrary commands on the system.

AFFECTING

EA Origin • 10.5.39

REFERENCES

https://www.ea.com/security/security-bulletins/origin-remote-code-execution-vulnerability