By Nettitude

Electronic Arts (EA) Origin is an online platform that allows users to purchase and play video games on desktop and mobile platforms.  It’s currently used by millions of gamers around the world.  Earlier this year, we identified a vulnerability affecting the EA Origin Windows client. 

CVE-2020-27708 – EA Origin Windows Client 

The EA Origin Windows client has a vulnerability in the way it handles one of its software libraries.  It also runs with excessive service permissions.   

This combination of flaws allows an attacker to exploit a machine running the EA Origin Windows client by moving locally from a low privilege user to a user with the highest privileges.  Subsequently, an attacker could easily deploy malware locally and even move laterally to other machines in the network for wider compromise. 

This vulnerability has been assigned CVE-2020-27708. 

Technical Analysis 

A full technical analysis for this vulnerability can be found at https://labs.nettitude.com/blog/cve-2020-27708-electronic-arts-ea-origin-local-privilege-escalation.  That article explains how we identified and exploited the vulnerability.  It also provides guidance to developers on avoiding the same class of vulnerability.  The vulnerability was discovered by Tom Wilson (@uint_ptr). 

Patching 

Electronic Arts were receptive to our report and, following communications with us, have recently produced an effective patch.  As of version xyz, this local privilege escalation vulnerability in EA Origin has been fixed. 

Timeline 

The vulnerability disclosure timeline was as follows. 

• 27 July 2020 – Initial discovery 
• 28 July 2020 – CVE-2020-16091 issued by MITRE 
• 8 September 2020 – EA Games informed of vulnerability 
• 19 September 2020 – EA Games granted CNA status 
• 28 October 2020 – EA Games issued CVE-2020-27708 
• 29 October 2020 – EA Games released patch 
• 03 November 2020 – Nettitude release vulnerability analysis