Vulnerability Details CVE-2013-2603
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.137
EPSS Ranking 93.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.osvdb.org/96919
- http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
- https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf
- http://www.osvdb.org/96919
- http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
- https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf
Products affected by CVE-2013-2603
-
cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481