CVE-2020-27708
Description
Non-admin users can gain Administrator/System privileges by placing a malicious Qt plugin in a specific directory on an Origin Client host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2020-27708 is an elevation of privilege vulnerability in the Origin Client for Mac and PC versions 10.5.86 and earlier. The flaw allows a non-administrative user to escalate their access to either Administrator or System level by placing a crafted Qt plugin into a specifically named directory on C:\, which is then loaded by Origin processes with higher privileges [1].
Exploitation
To exploit the vulnerability, an attacker must have valid credentials and the ability to log on locally to the computer where the Origin Client is installed. They create the specially named directory on C:\ and place a malicious Qt plugin there. To achieve System privileges, the attacker stops and restarts the "Origin Client Service". For Administrator privileges, the attacker must either wait for an administrative user to run the Origin Client Installer or Uninstaller (triggering a UAC prompt), or convince an administrative user to run Origin Client, Origin Crash Reporter, or Origin Error Reporter with elevated permissions [1].
Impact
Successful exploitation allows a local non-administrative user to gain Administrator or NT AUTHORITY\System privileges, enabling them to take full control of the system and perform actions otherwise reserved for high-privileged users, such as installing software, modifying system files, or accessing sensitive data [1].
Mitigation
EA has fixed this vulnerability in Origin Client version 10.5.86 or later. The advisory also notes that a successful attack requires the attacker to have a valid local account on the target machine, and for Administrator elevation scenarios, additional user interaction by an administrative user is needed [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
- Origin/Origin Client
Patches
No patches discovered yet.
References: 1
News mentions
No linked articles in our index yet.