CVE-2019-12828

HIGH

Electronic Arts Origin <10.5.39 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12828. PoCs published by Dominik Penner.

AI-analyzed exploit summary This exploit demonstrates an argument injection vulnerability in EA Origin's custom URI handler, allowing remote code execution by injecting Qt-specific arguments via a crafted URI. The payload leverages the 'platformpluginpath' argument to load malicious DLLs from a remote share.

Description

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.

Exploits (1)

exploitdb WORKING POC

by Dominik Penner · textremotewindows

https://www.exploit-db.com/exploits/47019

View Code ZIP pw:eip

This exploit demonstrates an argument injection vulnerability in EA Origin's custom URI handler, allowing remote code execution by injecting Qt-specific arguments via a crafted URI. The payload leverages the 'platformpluginpath' argument to load malicious DLLs from a remote share.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: EA Origin Client <10.5.38

No auth needed

Prerequisites: Victim must have EA Origin installed · Victim must visit a malicious link (e.g., via phishing or compromised website) · Attacker must host a malicious DLL on a reachable SMB share

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →