Electronic Arts Gifts You With An Origin DLL Injection Vulnerability

Source: The Register

Update To 10.5.86 Or You Could Just …

Origin had a rather nasty flaw for a bit, but thankfully, as far as Nettitude, the British infosec company which discovered it, can tell, it was never actively leveraged before it was patched. The issue was with OriginWebHelperService.exe, which was configured to look for a DLL to load in a folder that doesn't exist on a normal Windows 10 installation.

At launch, the service attempts to find C:\Program Files (x86)\Origin\Platforms and load qwindows.dll. That folder does not exist, but that doesn't mean you couldn't create it and add your own handcrafted DLL for Origin to load. As you wouldn't need elevated access to make that change, this was a fairly serious vulnerability. Strangely, Origin never seemed to throw an error when it discovered the file was missing; an error would have made this issue very obvious, and it would have been solved almost immediately.
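A defender-side check for this class of flaw, as an added example that is not from the original article or from Nettitude: it scans a Process Monitor CSV export for DLL opens that failed because the file or its folder was missing. The sample rows are constructed, and the use of Process Monitor is an assumption, since the article does not say how the flaw was found.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Constructed rows in Process Monitor's default CSV export layout (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","OriginWebHelperService.exe","2140","CreateFile","C:\Program Files (x86)\Origin\Platforms\qwindows.dll","PATH NOT FOUND","Desired Access: Read Attributes"
"10:01:02.11","OriginWebHelperService.exe","2140","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data"
"10:01:02.30","OriginWebHelperService.exe","2140","CreateFile","C:\Program Files (x86)\Origin\Platforms\qwindows.dll","PATH NOT FOUND","Desired Access: Read Attributes"
"10:01:03.00","OriginWebHelperService.exe","2140","RegOpenKey","HKLM\Software\Example","NAME NOT FOUND","Desired Access: Read"
"10:01:04.00","example_service.exe","3300","CreateFile","C:\Windows\System32\example_missing.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:05.00","notepad.exe","4120","CreateFile","C:\Users\alice\notes.txt","PATH NOT FOUND","Desired Access: Read Data"
'''

# Procmon result strings for "file missing" and "a folder in the path is missing".
MISSING = {"NAME NOT FOUND", "PATH NOT FOUND"}


def failed_dll_lookups(csv_text):
    """Count failed DLL opens as {(process, dll_path, result): occurrences}."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = PureWindowsPath(row["Path"])
        if (row["Operation"] == "CreateFile"          # file opens only, not registry
                and row["Result"] in MISSING
                and path.suffix.lower() == ".dll"):
            hits[(row["Process Name"], str(path), row["Result"])] += 1
    return hits


def missing_directories(hits):
    """Folders that did not exist at lookup time (the situation in the article).

    Each one needs review: fix the search path, or create the folder with an
    ACL that only administrators can write to.
    """
    return sorted({str(PureWindowsPath(dll).parent)
                   for (_proc, dll, result) in hits if result == "PATH NOT FOUND"})


if __name__ == "__main__":
    found = failed_dll_lookups(SAMPLE_CSV)
    for (proc, dll, result), count in sorted(found.items()):
        print(f"{proc}: {dll} -> {result} (x{count})")
    print("Missing folders to review:", missing_directories(found))
```
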

DLL injections are usually more of a concern for enterprises, which is why they have a variety of mitigations for this in place … or at least a plan to implement them some day when time and budget allow. In this case, as Origin is installed on millions of personal computers, this specific DLL injection was a much larger concern than usual.

Sadly, this is not the first time that Origin has had a serious vulnerability, though this recent one could have wreaked far more havoc than the credential interception.

Origin had about 30 million users, according to a public financial filing by Electronic Arts posted some eight years ago. No more recent stats are available. The platform competes with Valve's Steam game distribution platform and hosts The Sims franchise, among others.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
