Vulnerabilities > CVE-2013-2603 - Unspecified vulnerability in Realnetworks Realarcade Installer 2.6.0.481
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://www.osvdb.org/96919
- http://www.osvdb.org/96919
- http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
- http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
- https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf
- https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf