CVE-2019-19741
NixOS vulnerability analysis and mitigation

Overview

CVE-2019-19741 affects Electronic Arts Origin 10.5.55.33574 and was discovered and disclosed in February 2020. It allows local privilege escalation through manipulation of arbitrary directory DACLs (Discretionary Access Control Lists). The issue is distinct from the related vulnerabilities CVE-2019-19247 and CVE-2019-19248 (MITRE CVE).

Technical details

The vulnerability exploits three key weaknesses in the Origin client: (1) insufficient named pipe client verification, where the service verifies the client's executable file instead of its in-memory process; (2) named pipe communication that uses static encryption keys, which can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll; and (3) incomplete mitigations in the CreateDirectory component. The vulnerability has a CVSSv3 score of 7.8 (HIGH) and a CVSSv2 score of 7.2 (HIGH) (Medium Blog).

Impact

When successfully exploited, the vulnerability allows an attacker to elevate privileges by manipulating directory access controls. The attacker can achieve arbitrary DACL write capabilities, potentially gaining full system access by modifying service binaries' permissions (Medium Blog).
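
An added example, not from the original report or from EA: a Python check that parses SDDL strings (as exported with PowerShell's `(Get-Acl <path>).Sddl`) and flags allow ACEs that give unprivileged trustees write, delete, WRITE_DAC or WRITE_OWNER access, the kind of DACL change described above. The sample SDDL strings and the function names are constructed for illustration.

```python
import re

# SDDL right codes -> access-mask bits (file and directory meaning).
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
    "CC": 0x001, "DC": 0x002, "LC": 0x004, "SW": 0x008, "RP": 0x010,
    "WP": 0x020, "DT": 0x040, "LO": 0x080, "CR": 0x100,
}
# Bits that let a trustee change content, permissions or ownership.
RISKY = {
    0x00000002: "write/add file", 0x00000004: "append/add subdirectory",
    0x00010000: "delete", 0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
    0x40000000: "GENERIC_WRITE", 0x10000000: "GENERIC_ALL",
}
# Unprivileged trustees. As a trustee "WD" is Everyone; as a right it is WRITE_DAC.
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
            "IU": "Interactive", "S-1-1-0": "Everyone",
            "S-1-5-11": "Authenticated Users", "S-1-5-32-545": "Users"}
# Constructed samples: a locked-down directory and one a DACL write has opened up.
SAMPLE_HARDENED = "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
SAMPLE_WEAK = "O:BAG:SYD:AI(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;BU)(A;;WDWO;;;WD)"

def access_mask(rights):
    """Convert an SDDL rights field (hex mask or two-letter codes) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]
    return mask

def risky_aces(sddl):
    """List (trustee, risky rights) for allow ACEs held by low-privileged trustees."""
    dacl = sddl.partition("D:")[2].split("S:", 1)[0]  # drop owner/group and SACL
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in LOW_PRIV:
            continue
        mask = access_mask(fields[2])
        hits = [name for bit, name in RISKY.items() if mask & bit]
        if hits:
            findings.append((LOW_PRIV[fields[5]], hits))
    return findings

if __name__ == "__main__":
    print(risky_aces(SAMPLE_WEAK))
```

Run it over the SDDL of directories that hold service binaries; any finding for Users, Authenticated Users or Everyone on such a path deserves review.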

Mitigation and workarounds

The vulnerability was fixed in Origin version 10.5.56.33908 with the introduction of Restricted Access Mode. However, this mode is disabled by default and must be explicitly enabled. EA recommends that administrators enable Restricted Access Mode to fully remediate this vulnerability (Medium Blog).

Community reactions

EA acknowledged that the vulnerability is serious, but noted that less than 5% of its user base operates without administrator-level access, which limits the practical impact of the vulnerability. The researcher described the disclosure process as professional and pleasant (Medium Blog).

This report was generated using AI.

