Electronic Arts Dragon Age Origins Unquoted Service Path Vulnerability in DAUpdaterSVC

A privilege escalation vulnerability has been identified in the DAUpdaterSVC service of Electronic Arts' Dragon Age Origins, version 1.05. The vulnerability arises from an unquoted service path and insecure permissions that allow local users to modify the executable path of the service. Since the service operates with NT AUTHORITY\SYSTEM privileges, this flaw can be exploited by replacing or adding a malicious executable in the service path, which will then be executed with full system rights when the service is started or restarted.

Impact

Exploitation of this vulnerability allows for remote code execution with NT AUTHORITY\SYSTEM privileges, leading to complete control over the affected system.

Reproduction

To reproduce this vulnerability, a local user must have access to a system with Dragon Age Origins installed. The user can then modify the DAUpdaterSVC service's executable path to include a malicious executable. Once the service is restarted, the malicious file will be executed with system privileges, allowing for unauthorized actions on the system.