CVE-2013-2603
RealNetworks GameHouse RealArcade Installer 2.6.0.481 - RCE/DoS
Title source: llmDescription
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf
Various Sources x_refsource_misc
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/96919
Scores
EPSS
0.1181
EPSS Percentile
93.8%
Details
Status
published
Products (1)
realnetworks/realarcade_installer
2.6.0.481
Published
Jan 12, 2015
Tracked Since
Feb 18, 2026