[Blog] Local Privilege Escalation in EA's Origin Clienthttps://enigma0x3.net/2019/12/10/cve-2019-19248-local-privilege-escalation-in-eas-origin-client/ …
My original interest in this was because my python script to detect potentially-exploitable services https://gist.github.com/wdormann/db533d84df57a70e9580a6a2127e33bb … didn't detect Origin Web Helper Service as privileged. And I think that's correct. Network/Local Service privs != System privs. Token perhaps a red herringpic.twitter.com/Y5rW5OKyHz
-
-
Yeah, it gets a little weird because the Web Helper Service starts the client service when it starts, which does all the dumb crap
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.