CVE-2019-11354

Name of the Vulnerable Software and Affected Versions EA Origin version 10.5.36

Description The issue concerns template injection in the title parameter of the Origin2 URI handler, allowing an attacker to escape the AngularJS sandbox. This can lead to remote code execution via an origin2://game/launch URL, specifically affecting QtApplication QDesktopServices communication.

Recommendations For EA Origin version 10.5.36, consider restricting access to the origin2://game/launch URL until a patch is available. As a temporary workaround, avoid using the title parameter in the Origin2 URI handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.