CVE-2011-10028

Vulnerability Description

The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.

Related Weaknesses (CWE)

References

• https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.h
• https://archive.org/details/com.real.arcade
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://www.exploit-db.com/exploits/17105
• https://www.exploit-db.com/exploits/17149
• https://www.gamehouse.com/
• https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrar
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://www.exploit-db.com/exploits/17105
• https://www.exploit-db.com/exploits/17149

FAQ

What is CVE-2011-10028?

CVE-2011-10028 is a documented vulnerability. The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows rem...

How severe is CVE-2011-10028?

CVSS scoring is not yet available for CVE-2011-10028. Check NVD for updates.

Is there a patch for CVE-2011-10028?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.