漏洞信息详情
艺电 Electronic Arts Origin 注入漏洞
- CNNVD编号:CNNVD-201904-943
- 危害等级: 高危
- CVE编号: CVE-2019-11354
- 漏洞类型: 注入
- 发布时间: 2019-04-19
- 威胁类型: 本地
- 更新时间: 2022-04-19
- 厂 商:
- 漏洞来源: Metin Yunus Kandem...
漏洞简介
Electronic Arts Origin是美国艺电(Electronic Arts)公司的一款游戏管理平台。该平台包括电子软件分发、数字版权管理及社交系统等功能。
EA Origin 10.5.36版本(Windows)中的客户端存在注入漏洞。攻击者可借助origin2://game/launch URL利用该漏洞绕过底层的Angularjs沙盒并执行代码。
漏洞公告
目前厂商已发布新版本,以修复此安全问题,详情请关注厂商主页:
https://www.ea.com/
参考网址
来源:MISC
链接:https://www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/
来源:www.trustedreviews.com
链接:https://www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942
来源:www.thesun.co.uk
链接:https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/
来源:www.techradar.com
链接:https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client
来源:www.pcmag.com
链接:https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien
来源:www.golem.de
链接:https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.HTML
来源:techcrunch.com
链接:https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/
来源:gizmodo.com
链接:https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604
来源:blog.underdogsecurity.com
链接:https://blog.underdogsecurity.com/rce_in_origin_client/
来源:gamasutra.com
链接:http://gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php
来源:MISC
链接:http://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.HTML
来源:MISC
链接:http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.HTML
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/47021
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-11354
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.HTML
受影响实体
暂无
补丁
- Electronic Arts Origin 代码注入漏洞的修复措施
评论