Daley Bee

**Name of the Vulnerable Software and Affected Versions** EA Origin version 10.5.36 **Description** The issue concerns template injection in the `title` parameter of the Origin2 URI handler, allowing an attacker to escape the AngularJS sandbox. This can lead to remote code execution via an `origin2://game/launch` URL, specifically affecting QtApplication QDesktopServices communication. **Recommendations** For EA Origin version 10.5.36, consider restricting access to the `origin2://game/launch` URL until a patch is available. As a temporary workaround, avoid using the `title` parameter in the Origin2 URI handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.