Unrated severityNVD Advisory· Published Jan 12, 2015· Updated May 6, 2026

CVE-2013-2603

Description

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

Affected products

RealNetworks/Realarcade Installer
cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.osvdb.org/96919nvd
www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdfnvd
www.riskbasedsecurity.com/research/RBS-2013-006.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000