CVE-2013-2603

RealNetworks GameHouse RealArcade Installer 2.6.0.481 - RCE/DoS

Title source: llm

Description

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

References (3)

[Various Sources] http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

[Various Sources] https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf

[Third Party Advisory, VDB Entry] http://www.osvdb.org/96919

Scores

EPSS 0.1371

EPSS Percentile 94.1%

Classification

Status draft

Affected Products (1)

realnetworks/realarcade_installer

Timeline

Published Jan 12, 2015

Tracked Since Feb 18, 2026