A British infosec outfit spotted a privilege escalation vulnerability in EA Games’ Origin client after discovering the software was hunting for an absent DLL file when users opened it.
Nettitude found the priv-esc after researcher Tom Wilson fired up Origin and ran Process Monitor (Procmon) over it to see what Origin was calling when it ran.
As Nettitude's Rob Bone told The Register: “The crux is Origin itself tries to load a binary from a path that doesn’t exist. It’s most likely that it does exist under dev boxes but was not trimmed from the final polished product.”
Directly affected was Origin’s deployment of the Qt widget toolkit used for creating graphical user interfaces (GUIs) and cross-platform apps capable of running on different hardware and software environments.
The vu ..
Support the originator by clicking the read the rest link below.
