Upwards of 40 million users of EA's Origin game platform could be open to a vulnerability that allows an attacker to remotely execute malicious code. Demonstrated by ReVuln on Friday at the Black Hat security conference in Amsterdam, the process requires Origin's client to be installed on the victim's machine and it can be exploited when the user clicks a specially crafted link.
The issue stems from Origin's use of specific uniform resource identifiers (URIs) to communicate with games. When it launches a title, it sends an "origin://LaunchGame/
Because that link can contain CommandParams, an attacker could deliver a payload targeting software on your system with a couple of simple commands. For example, ReVuln says this would invoke the Nvidia benchmark framework and then download a tainted DLL: origin://LaunchGame/
What's more, as we understand it, Origin doesn't even have to be running -- again, just installed -- and it's possible that an attacker could exploit a system transparently, especially if the person has their system configured to handle origin:// links automatically. As such, at a minimum, folks are encouraged to make sure their browser is set to issue a prompt when handling those links.
If you're looking to clamp down a bit more than that, the researchers recommend that you disable the origin:// URI globally with a tool such as Nirsoft's URLProtocolView. This will prevent you -- and anyone else -- from running games via shortcuts with custom parameters on your system, but ReVuln says you'll still be able to play games by running them directly from Origin's client.
It's worth noting that this isn't a new problem. The same security group exposed a similar issue on Steam last year: maliciously crafted "steam://" links could be used for remote code execution. Valve plugged that hole roughly two days after ReVuln's report was released. It's unclear if or when EA will issue a fix, not least considering it's had five months to act since the Steam issue.
SimCity is a total reboot of the franchise and goes back to its roots as a true city-building simulator. There are several new gameplay elements, such as finite resources and upgradeable buildings, and Maxis promises to simulate everything you see, from the individual cars on the road to citizens facing everyday challenges.
Dead Space 3 follows recurring protagonist Isaac Clarke and newcomer John Carver as they scour the frozen planet of Tau Volantis. In addition to drop-in/drop-out co-op, Dead Space 3 introduces several new gameplay mechanics, such as the ability to roll for more responsive control and an automatic cover system that doesn't require you to press a button to duck behind something.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.