CVE-2019-12828

Sažetak

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.

Reference

http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html
https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/
https://www.youtube.com/watch?v=E9vCx9KsF3c
https://www.zerodayinitiative.com/advisories/ZDI-19-574/
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-06-2019 - 23:15

Objavljeno

14-06-2019 - 20:29