← back
CVE-2013-2603

CVE-2013-2603

EPSS 4.2%
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.riskbasedsecurity.com/research/RBS-2013-006.pdfhttp://www.osvdb.org/96919http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf