CVSS: 10.0EPSS: 13%CPEs: 1EXPL: 0CVE-2013-2603
https://notcve.org/view.php?id=CVE-2013-2603
12 Jan 2015 — The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. El control de ActiveX RACInstaller.StateCtrl.1 en InstallerDlg.dll en ... • http://www.osvdb.org/96919 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2604
https://notcve.org/view.php?id=CVE-2013-2604
12 Jan 2015 — RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. RealNetworks GameHouse RealArcade Installer (también conocido como ActiveMARK Game Installer) 2.6.0.481 y 3.0.7 utiliza permisos débiles (Crear ficheros/Escribir datos... • http://www.osvdb.org/96918 • CWE-264: Permissions, Privileges, and Access Controls •