Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2604

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2013-2604
Last Modified 13 Jan 2015 03:43:27
Published 12 Jan 2015 02:59:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2013-2604

Summary

RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.

Vulnerable Systems

Application

  • Realnetworks Realarcade Installer 2.6.0.481

  • Realnetworks Realarcade Installer 3.0.7


References

MISC - https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf

MISC - http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

OSVDB - 96918


Last Updated: 27 May 2016 11:07:30