CVE-2013-2604
RealNetworks RealArcade Installer 2.6.0.481 and 3.0.7 - Privilege Escalation via Trojan Horse DLL
Title source: llmDescription
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
Various Sources x_refsource_misc
https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/96918
Scores
EPSS
0.0007
EPSS Percentile
20.4%
Details
CWE
CWE-264
Status
published
Products (2)
realnetworks/realarcade_installer
2.6.0.481
realnetworks/realarcade_installer
3.0.7
Published
Jan 12, 2015
Tracked Since
Feb 18, 2026