SonicALERT

Sonicwall Signatures

 



Electronic Arts Origin Remote Code Execution 4

Category: WEB-CLIENT

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11354

