Vulnerabilities for Realarcade installer (...) - CXSECURITY.COM

Vulnerabilities for 'Realarcade installer'

2015-01-12

CVE-2013-2604

CWE-264

RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.

CVE-2013-2603

CWE-Other

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

>>> Vendor: Realnetworks 26 Products

Realsystem g2 server

Realplayer intranet

Realjukebox 2 plus

Helix universal server

Realone enterprise desktop

Realone desktop manager

Realsystem proxy

Realsystem server

Helix universal mobile server

Helix universal mobile server and gateway

Helix dna server

Helix mobile server

Realplayer enterprise

Helix server mobile

Realarcade installer

Copyright 2024, cxsecurity.com