Unrated severityNVD Advisory· Published Jan 12, 2015· Updated Jun 16, 2026
CVE-2013-2603
CVE-2013-2603
Description
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.
Affected products
2cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481:*:*:*:*:*:*:*
- (no CPE)range: = 2.6.0.481
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.