CVE-2019-12828

Name: CVE-2019-12828
Creator: NVD / NIST
Published: 2019-06-14T20:29:00.277+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 13.27%

Last modified Jun 17, 2026

CVE-2019-12828 is a vulnerability of currently unknown severity. An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.. EPSS estimates a 13.27% chance of exploitation in the next 30 days.

Description

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.

Metrics

EPSS Probability

13.27%

95.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-19

Affected Software

Vendor	Product	Versions
Ea	Origin	< 10.5.39

References

http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html
https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/Exploit, Press/Media Coverage, Third Party Advisory
https://www.youtube.com/watch?v=E9vCx9KsF3cExploit, Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-574/
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/Exploit, Third Party Advisory
http://packetstormsecurity.com/files/153385/EA-Origin-Remote-Code-Execution.html
https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/Exploit, Press/Media Coverage, Third Party Advisory
https://www.youtube.com/watch?v=E9vCx9KsF3cExploit, Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-574/
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/Exploit, Third Party Advisory

Timeline

Published: Jun 14, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-12828?

How severe is CVE-2019-12828?

Severity scoring for CVE-2019-12828 is pending analysis. The EPSS model estimates a 13.27% probability of exploitation in the next 30 days.

How do I fix CVE-2019-12828?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-12828?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST