The vulnerability is almost identical to one found by the same researchers last year in Valve's Steam online game distribution platform. That flaw allowed the abuse of steam:// protocol links in the same way.
The Steam vulnerability was reported in October 2012 but has yet to be fixed, the researchers said. Fixing it would probably require considerable changes to the platform because it results from a design flaw, they said. The researchers don't expect EA to fix the origin link issue any time soon either.
The attack is not limited to "Crysis 3." It also works for other games that have similar command line features or some local vulnerabilities, the researchers said. The flaw essentially provides a way to remotely abuse features or security issues that would otherwise only be exposed to local attacks, they said.
Auriemma and Ferrante never disclose the vulnerabilities they find to the affected software vendors, so they did not alert EA about the flaw before presenting it at Black Hat.
The researchers published a white paper on their website that explains the issue in more detail and proposes a way to mitigate the attacks. The mitigation involves using a specialized tool called urlprotocolview to disable the origin:// URL.
The side effect of doing this will be that launching games using the desktop shortcuts or their executable files will no longer work. However, users will still be able to launch the games from inside the Origin client.
