logo_clicknbuy.png

CVE-2011-10028 – RealNetworks RealArcade ActiveX Exec Arbitrary Command Execution

The following table lists the changes that have been made to the
CVE-2011-10028 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 20, 2025

    Action Type Old Value New Value
    Added Tag unsupported-when-assigned
    Added Description The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim’s Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks’ platform, GameHouse.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-623
    Added Reference https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html
    Added Reference https://archive.org/details/com.real.arcade
    Added Reference https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb
    Added Reference https://www.exploit-db.com/exploits/17105
    Added Reference https://www.exploit-db.com/exploits/17149
    Added Reference https://www.gamehouse.com/
    Added Reference https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution
Share the Post:

Related Posts