Oakley added that EA “worked quite well with us” during the vuln disclosure process, contrasting that with less positive responses he had seen from other companies in similar situations.

“By adding those DLLs to that location we could have those loaded by the process and as that runs, a high integrity process with admin on the host, that path is writable by any user,” explained Bone.

Upon realising that the Origin Client Service was vulnerable to the same DLL hijacking vuln, Nettitude was able to open a command prompt with elevated privileges, running under NT AUTHORITY\SYSTEM, as detailed in its blog post.

A little light tinkering to ensure the DLL contained the right functions that OriginWebHelperService.exe was looking for scored a successful “low level” compromise.

By running the ProcessHacker tool, researchers realised OriginWebHelperService.exe was trying to call a DLL named qwindows.dll from the directory C:\Program Files (x86)\Origin\Platforms.

Copying the contents of the correctly formatted folder into the mysterious platforms folder showed OriginWebHelperService.exe was loading qwindows.dll “directly” into the process.

This doesn’t exist on a bog standard Windows 10 installation, so Nettitude created it to see what would happen.

Procmon revealed that two Origin system-level services were searching for a folder at C:\platforms.

The platform competes with Valve’s Steam game distribution platform and hosts The Sims franchise, among others. Origin had about 30 million users, according to public financial filings by Electronic Arts posted some eight years ago.

Normally that’s only going to affect that particular user, but in the current climate a lot of those people are working from home on personal machines.” and most of those are going to have free or low tier products, if any. Chris Oakley, Nettitude’s technical services veep, explained to The Register: “Mostly it’ll affect people’s home machines.
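
The Procmon finding above (system-level services probing a folder that does not exist and that any user can create) can be triaged from a capture export. This is an added example, not code from the article or from Nettitude; it assumes Procmon's CSV export with the optional User column enabled, and the sample rows, `SecondService.exe` and `missing.dll` are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed sample rows in Procmon's CSV export layout (User column enabled).
# SecondService.exe and missing.dll are placeholders, not names from the article.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","User"
"10:01:02.1","OriginWebHelperService.exe","2144","CreateFile","C:\platforms","NAME NOT FOUND","","NT AUTHORITY\SYSTEM"
"10:01:02.4","SecondService.exe","2310","CreateFile","C:\platforms","NAME NOT FOUND","","NT AUTHORITY\SYSTEM"
"10:01:02.6","OriginWebHelperService.exe","2144","CreateFile","C:\Program Files (x86)\Origin\missing.dll","NAME NOT FOUND","","NT AUTHORITY\SYSTEM"
"10:01:03.0","notepad.exe","5120","CreateFile","C:\platforms","NAME NOT FOUND","","DESKTOP\alice"
"10:01:03.2","OriginWebHelperService.exe","2144","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","","NT AUTHORITY\SYSTEM"
'''

# Assumption: these roots keep their default ACLs (no write for standard users).
# Anything outside them is only a candidate and still needs an ACL review.
PROTECTED_ROOTS = [PureWindowsPath(p) for p in
                   (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")]
MISSING_RESULTS = {"NAME NOT FOUND", "PATH NOT FOUND"}
PRIVILEGED_USERS = {"NT AUTHORITY\\SYSTEM"}


def is_protected(path):
    """True if path is inside one of the admin-only roots (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(p == root or root in p.parents for root in PROTECTED_ROOTS)


def find_hijack_candidates(csv_text):
    """Map each missing, unprotected path probed by SYSTEM to the processes probing it."""
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "CreateFile" or row["Result"] not in MISSING_RESULTS:
            continue  # only failed opens show a path the service expected to find
        if row["User"].upper() not in PRIVILEGED_USERS:
            continue  # probes by unprivileged processes give no elevation
        if is_protected(row["Path"]):
            continue  # a standard user cannot plant files here by default
        hits.setdefault(row["Path"].lower(), set()).add(row["Process Name"])
    return {path: sorted(names) for path, names in hits.items()}


if __name__ == "__main__":
    for path, procs in find_hijack_candidates(SAMPLE_CSV).items():
        print(f"{path}: probed by {', '.join(procs)}")
```

Each path it reports is a lead for review: confirm the directory's ACL and the service's account before treating it as a finding.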