back to article EA Games' Origin client contained privilege escalation vuln that anyone with user-grade access could exploit

A British infosec outfit spotted a privilege escalation vulnerability in EA Games’ Origin client after discovering the software was hunting for an absent DLL file when users opened it. Nettitude found the priv-esc after researcher Tom Wilson fired up Origin and ran Process Monitor (Procmon) over it to see what Origin was …

  1. RM Myers
    Happy

    EA “worked quite well with us” during the vuln disclosure process,

    Wait, another company doing what you are supposed to do when notified of a vulnerability in their software? I hope this doesn't become a trend. Come on EA, it is 2020, the year when being cynical is not a choice, it's a responsibility, and how can we meet our responsibilities without your help.

  2. schmeckles65

    Origin, Steam, Epic, uPlay

    I've lost track of the number of clients I need to run to play my games, Origin was the first to go due to it thinking it could maximize itself to advertise one of its products forcing my game to minimize.

    Seems I made a good decision.

    1. DrXym

      Re: Origin, Steam, Epic, uPlay

      Yup it's a total joke. More so when you think that these clients only exist because (in no particular order) the likes of EA, Microsoft, Ubisoft, Blizzard Activision, Epic, Valve and CD Project + other wannabes are too selfish and short sighted to produce a single framework with a federated system for hooking up to different storefronts.

      1. lglethal Silver badge
        Go

        Re: Origin, Steam, Epic, uPlay

        If your after a single client GOG Galaxy will link all of your games from GOG, Steam, Epic, Uplay, Origin, Xbox game pass, and Playstation network in one spot, so you can actually see all your games. Admittedly, when you load a game from one of the other networks it does load that launcher in the background, but at least this way you dont need to have them all running at the same time.

  3. Dan 55 Silver badge

    Huh

    It’s most likely that it does exist under dev boxes but was not trimmed from the final polished product.

    Since when did Origin become a polished product?

    1. DrXym

      Re: Huh

      Never. EA are supposedly relaunching it but it seems like EA are only half heartedly trying these days since they sell subs on Windows Store and Steam.

    2. very angry man

      Re: Huh

      -origin is a consideration when buying games, i got battlefield 3 managed to play it through once despite game killing glitches and that's it cant play it again, wont load, contacted origin still waiting on a response , bin like 3 months, so now if it requires origin i save my money, and i cant afford another monitor.

      1. Mongrel

        Re: Huh

        I've never installed it.

        First time I would have brought something that did was near it's launch when it still had the "Oh, by the way, by clicking yes you've given us permission to rummage through your hard drive at will. KTHNXBYE" 'anti-cheat' functionality.

        That combined with their rapacious acquisition and absorption of good companies (Bullfrog, Maxis, Westwood studios etc.) was the final straw, I've not purchased a new EA game since or any second hand one that requires Origin.

      2. nematoad
        Headmaster

        Re: Huh

        "...and i cant afford another monitor."

        Your punctuation is a bit lacking as well. Who are you, e e cummings?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon