VYPR
Unrated severityNVD Advisory· Published Jan 12, 2015· Updated Jun 16, 2026

CVE-2013-2603

CVE-2013-2603

Description

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

Affected products

2
  • cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481:*:*:*:*:*:*:*
    • (no CPE)range: = 2.6.0.481

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.