CVE-2024-57276
📋 TL;DR
This CVE describes an unquoted service path vulnerability in Electronic Arts Dragon Age Origins 1.05's DAUpdaterSVC service. Attackers with local access can exploit insecure permissions to replace the service executable with malicious code, leading to privilege escalation to SYSTEM level. This affects users running the vulnerable game version on Windows systems.
💻 Affected Systems
- Electronic Arts Dragon Age Origins
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with SYSTEM privileges, allowing complete control over the affected machine, installation of persistent malware, and lateral movement within the network.
Likely Case
Local privilege escalation from a standard user account to SYSTEM, enabling installation of additional malware, credential theft, and bypassing security controls.
If Mitigated
Limited impact with proper access controls, where standard users cannot modify service paths and endpoint protection blocks unauthorized executable creation.
🎯 Exploit Status
Exploitation requires local access and knowledge of Windows service manipulation. The vulnerability is well-documented but no public exploit code is confirmed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to version beyond 1.05
Vendor Advisory: No official vendor advisory found in provided references
Restart Required: No
Instructions:
1. Launch Dragon Age Origins game client. 2. Check for available updates through the game's update mechanism. 3. Apply any available patches. 4. Verify the game version is updated beyond 1.05.
🔧 Temporary Workarounds
Secure Service Permissions
WindowsModify DACL on the DAUpdaterSVC service to restrict write permissions to administrators only
sc sdset DAUpdaterSVC D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
Quote Service Path
WindowsModify the service configuration to use quoted paths in the service binary path
sc config DAUpdaterSVC binPath= "\"C:\Program Files\Dragon Age\bin_ship\DAUpdaterSVC.exe\""
🧯 If You Can't Patch
- Disable the DAUpdaterSVC service if not required for game functionality
- Implement strict access controls to prevent standard users from modifying service paths or creating executables in vulnerable directories
🔍 How to Verify
Check if Vulnerable:
Check if Dragon Age Origins version 1.05 is installed and the DAUpdaterSVC service has an unquoted path with weak permissions: sc qc DAUpdaterSVCCheck Version:
Check game properties or launcher for version informationVerify Fix Applied:
Verify game version is updated beyond 1.05 and check service configuration: sc qc DAUpdaterSVC shows quoted path and proper permissions📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing service configuration changes (Event ID 7040)
- Unexpected service restarts or failures for DAUpdaterSVC
- Creation of executable files in Dragon Age installation directories by non-admin users
Network Indicators:
- No specific network indicators as this is a local privilege escalation
SIEM Query:
Windows Event ID 7040 with Service Name containing 'DAUpdaterSVC' OR Process Creation events with Parent Process containing 'services.exe' and Image containing paths in Dragon Age directories