Electronic Arts Gifts You With An Origin DLL Injection Vulnerability


Update To 10.5.86 Or You Could Just …

Origin had a rather nasty flaw for a bit, but thankfully, as far as Nettitude, the British infosec company which discovered it, can tell, it was never actively leveraged before it was patched. The issue was with OriginWebHelperService.exe, which was configured to look for a DLL to load in a folder that doesn't exist on a normal Windows 10 installation.

At launch the service attempts to find C:\Program Files (x86)\Origin\Platforms and load qwindows.dll. That folder does not exist, but that doesn't mean you couldn't create it and add in your own handcrafted DLL for Origin to load. As you wouldn't need elevated access to make that change, this was a fairly serious vulnerability. Strangely, Origin never seemed to toss an error when it discovered the file was missing, which would have made this issue very obvious and gotten it solved almost immediately.
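One way to audit for this class of issue, as an added example that is not code from Nettitude or EA: it reads a Process Monitor CSV export, lists the DLLs a service probed but did not find, and flags those whose nearest existing parent folder the current user can write to. The sample rows are constructed, the function names are hypothetical, and the `os.access` default is only an approximation of Windows ACLs (confirm real permissions with `icacls`).

```python
import csv
import io
import os
from pathlib import PureWindowsPath

# Constructed sample rows in the column layout of a Process Monitor CSV export.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.0000001","OriginWebHelperService.exe","4120","CreateFile","C:\Program Files (x86)\Origin\Platforms\qwindows.dll","PATH NOT FOUND",""
"10:15:01.0000002","OriginWebHelperService.exe","4120","CreateFile","C:\Windows\System32\version.dll","SUCCESS",""
"10:15:02.0000003","explorer.exe","2200","CreateFile","C:\Temp\missing.dll","NAME NOT FOUND",""
'''

MISSING = {"NAME NOT FOUND", "PATH NOT FOUND"}

def missing_dll_probes(csv_text, process_name):
    """Return DLL paths the named process tried to open but that were absent."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return sorted({
        r["Path"] for r in rows
        if r["Process Name"].lower() == process_name.lower()
        and r["Result"] in MISSING
        and r["Path"].lower().endswith(".dll")
    })

def nearest_existing_ancestor(path, exists=os.path.isdir):
    """Walk up from the DLL's folder to the first directory that exists."""
    for parent in PureWindowsPath(path).parents:
        if exists(str(parent)):
            return str(parent)
    return None

# Assumption: os.access approximates write permission; Windows ACLs need icacls.
def audit(csv_text, process_name, exists=os.path.isdir,
          writable=lambda p: os.access(p, os.W_OK)):
    """Flag missing-DLL probes whose nearest existing folder is user-writable."""
    findings = []
    for dll in missing_dll_probes(csv_text, process_name):
        anchor = nearest_existing_ancestor(dll, exists)
        findings.append({
            "dll": dll,
            "folder_missing": not exists(str(PureWindowsPath(dll).parent)),
            "anchor": anchor,
            "at_risk": anchor is not None and writable(anchor),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROCMON_CSV, "OriginWebHelperService.exe"):
        print(finding)
```

The `exists` and `writable` parameters are injectable so the same logic can be driven from an offline inventory of directories and ACLs instead of the live filesystem.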

DLL injections are usually more of a concern for enterprises, which is why they have a variety of mitigations for this in place … or at least a plan to implement them some day when time and budget allow. In this case, as Origin is installed on millions of personal computers, this specific DLL injection was a much larger concern than usual.

Sadly, this is not the first time that Origin has had a serious vulnerability, though this recent one could have wreaked far more havoc than the credential interception.
