Unrated severityNVD Advisory· Published Jun 14, 2019· Updated Aug 4, 2024
CVE-2019-12828
CVE-2019-12828
Description
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Electronic Arts/Origindescription
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.htmlmitrex_refsource_MISC
- www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/mitrex_refsource_MISC
- www.youtube.com/watchmitrex_refsource_MISC
- www.zerodayinitiative.com/advisories/ZDI-19-574/mitrex_refsource_MISC
- zeropwn.github.io/2019-05-22-fun-with-uri-handlers/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.