CVE-2019-12828 – Electronic Arts Origin URI Handler Remote Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12828
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Electronic Arts Origin.
• https://www.exploit-db.com/exploits/47019
• http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html
• https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution
• https://www.youtube.com/watch?v=E9vCx9KsF3c
• https://www.zerodayinitiative.com/advisories/ZDI-19-574
• https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers
• CWE-19: Data Processing Errors
CVE-2019-11354 – dotProject 2.1.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-11354
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication. EA Origin versions prior to 10.5.36 suffer from a remote code execution vulnerability via template injection leveraging cross site scripting.
• https://www.exploit-db.com/exploits/47021
• http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php
• http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html
• http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.html
• https://blog.underdogsecurity.com/rce_in_origin_client
• https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604
• https://techcrunch.com/2019/04/16/ea-origin-bu
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-8945
https://notcve.org/view.php?id=CVE-2015-8945
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
• http://www.openwall.com/lists/oss-security/2016/07/13/10
• http://www.openwall.com/lists/oss-security/2016/07/13/9
• http://www.securityfocus.com/bid/91776
• https://github.com/openshift/origin/issues/3951
• CWE-255: Credentials Management Errors