Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19741

EPSS 0.06% · P20
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-19741

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Electronic Arts Origin 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Electronic Arts Origin是美国艺电(Electronic Arts)公司的一款游戏管理平台。该平台包括电子软件分发、数字版权管理及社交系统等功能。 Electronic Arts Origin 10.5.55.33574版本中存在安全漏洞。攻击者可通过绕过通道及黑名单过滤器利用该漏洞写入被修改的自由访问控制列表,从而提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-19741

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-19741

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-02-20 · 42 CVEs total

CVE-2020-9015多款Arista Networks产品安全漏洞
CVE-2014-4650Python 路径遍历漏洞
CVE-2015-4411mongodb/bson-ruby 资源管理错误漏洞
CVE-2015-4410rubygem-moped 输入验证错误漏洞
CVE-2011-4915Linux kernel 信息泄露漏洞
CVE-2011-0699Linux kernel 缓冲区错误漏洞
CVE-2014-4019ZTE ZXV10 W300 安全漏洞
CVE-2012-3351LongTail Video JW Player 跨站脚本漏洞
CVE-2020-9318Red Gate SQL Monitor 安全漏洞
CVE-2019-11189ONOS 安全漏洞
CVE-2019-16297Open Network Operating System 安全漏洞
CVE-2014-7951Android debug bridge 路径遍历漏洞
CVE-2020-9320Avira AV Engine 代码问题漏洞
CVE-2019-16298Open Network Operating System 安全漏洞
CVE-2019-16299Open Network Operating System 安全漏洞
CVE-2019-16300Open Network Operating System 安全漏洞
CVE-2019-16301Open Network Operating System 安全漏洞
CVE-2019-16302Open Network Operating System 安全漏洞
CVE-2020-9003WordPress Modula Image Gallery 跨站脚本漏洞
CVE-2020-8990Western Digital My Cloud Home和ibi 授权问题漏洞

Showing top 20 of 42 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-19741

No comments yet

Leave a comment