CVE-2013-2603

2015-01-12T19:59:00
ID CVE-2013-2603
Type cve
Reporter cve@mitre.org
Modified 2015-01-13T20:42:00

Description

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>