CVE-2013-2604

Name of the Vulnerable Software and Affected Versions RealNetworks GameHouse RealArcade Installer versions 2.6.0.481 through 3.0.7

Description The issue concerns weak permissions set for the GameHouse Games directory tree, allowing local users to gain privileges. This can be achieved by placing a Trojan horse DLL in an individual game's directory. For example, a malicious DDRAW.DLL in the Zuma Deluxe directory could be used for exploitation.

Recommendations For versions 2.6.0.481 through 3.0.7, consider restricting write access to the GameHouse Games directory tree to prevent unauthorized modifications. As a temporary workaround, avoid using the affected GameHouse Games directory tree until a patch is available. Restrict access to the directory tree to minimize the risk of exploitation.