A Questionable Journey From XSS to RCE
Remote Code Execution (RCE)
As many of you reading this probably already know, in mid April, a good friend of mine (@Daley) and I located a Remote Code Execution vulnerability in EA’s Origin client (CVE-2019-11354). Today I’m going to go in depth on how we discovered this vulnerability, along with a couple others we needed to chain along the way ;pp
https://zeropwn.github.io/2019-05-13-xss-to-rce/