PT-2015-3546 · Realnetworks · Realarcade Installer

Published: 2015-01-12 · Updated: 2015-01-13 · CVE-2013-2603

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealArcade Installer version 2.6.0.481

Description

The issue concerns the RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll, which performs unexpected type conversions for invalid parameter types. This allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to certain methods, including AddTag, Ping, QueuePause, QueueRemove, QueueTop, RemoveTag, TagRemoved, or message.

Recommendations

For RealArcade Installer version 2.6.0.481, consider disabling the RACInstaller.StateCtrl.1 ActiveX control until a patch is available to prevent potential exploitation. Restrict access to the vulnerable methods to minimize the risk of arbitrary code execution or denial of service. Avoid using the affected methods in the ActiveX control until the issue is resolved.

Fix


Related identifiers

CVE-2013-2603

Affected products

Realarcade Installer