CVE-2013-2604
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
12/01/2015
Last modified:
12/04/2025
Description
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:realnetworks:realarcade_installer:2.6.0.481:*:*:*:*:*:*:* | ||
| cpe:2.3:a:realnetworks:realarcade_installer:3.0.7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.osvdb.org/96918
- http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
- https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf
- http://www.osvdb.org/96918
- http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
- https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf