CVE-2013-2604

EUVD-2013-2546
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
realnetworksrealarcade_installer
2.6.0.481
realnetworksrealarcade_installer
3.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.osvdb.org/96918
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf
http://www.osvdb.org/96918
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf