CVE-2013-2604

Sažetak

RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.

Reference

http://www.osvdb.org/96918
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf
https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-01-2015 - 20:43

Objavljeno

12-01-2015 - 19:59