CVE-2013-2603

Published: Jan 12, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

Affected (1)

Products: Realnetworks: Realarcade Installer

1 product

Realarcade Installer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realarcade Installer	Version 2.6.0.481

References (6)

http://www.osvdb.org/96919

Source: cve@mitre.org

http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

Source: cve@mitre.org

https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf

Source: cve@mitre.org

http://www.osvdb.org/96919

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.