cve/CVE-2019-12828.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.

POC

Reference

http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html
https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/
https://www.youtube.com/watch?v=E9vCx9KsF3c

Github

https://github.com/zeropwn/vulnerability-reports-and-pocs
https://github.com/zeropwn/zeropwn

1.1 KiB Raw Blame History

CVE-2019-12828

Description

POC

Reference

Github

1.1 KiB

Raw Blame History