CVE-2013-2603 Information

Description

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag (2) Ping (3) QueuePause (4) QueueRemove (5) QueueTop (6) RemoveTag (7) TagRemoved or (8) message method.

Reference

http://www.osvdb.org/96919 http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf https://www.riskbasedsecurity.com/research/RBS-2013-006.pdf