Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2013-2603
Last Modified 13 Jan 2015 03:42:55
Published 12 Jan 2015 02:59:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2603

Summary

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

Vulnerable Systems

Application

  • RealNetworks RealArcade Installer 2.6.0.481


References

MISC - https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf

MISC - http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

OSVDB - 96919


Last Updated: 27 May 2016 11:07:30