Electronic Arts Gifts You With An Origin DLL Injection Vulnerability
Update To 10.5.86 Or You Could Just …
Origin had a rather nasty flaw for a bit, but thankfully as far as Nettitude, the British infosec company which discovered it can tell, it was never actively leveraged before it was patched. The issue was with OriginWebHelperService.exe, and the fact that it was configured to look for a DLL to load, in a folder which doesn’t exist on a normal Windows 10 installation.
At launch the service attempts to find C:\Program Files (x86)\Origin\Platforms and load qwindows.dll. That folder does not exist, but that doesn’t mean you couldn’t create it and add in your own handcrafted DLL for Origin to load. As you wouldn’t need elevated access to be able to make that change this was a fairly serious vulnerability. Strangely, Origin never seemed to toss an error when it discovered the file was missing, which would have made this issue very obvious and it would have been solved almost immediately.
DLL injections are usually more of a concern for enterprise, which is why they have a variety of mitigation for this in place … or at least a plan to implement them some day when time and budget allows. In this case, as Origin is installed on millions of personal computers, this specific DLL injection was a much larger concern than usual.
Sadly, this is not the first time that Origin has had a serious vulnerability, though this recent one could have wreaked far more havoc than the credential interception.
Origin had about 30 million users, according to a public financial filings by Electronic Arts posted some eight years ago. No more recent stats are available. The platform competes with Valve’s Steam game distribution platform and hosts The Sims franchise, among others.