Published: 2015-01-12 14:59:01
Revised: 2015-01-13 15:43:27

[Original] RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.

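[CNNVD] RealNetworks GameHouse RealArcade Installer Local Arbitrary Code Execution Vulnerability (CNNVD-201309-051)

GameHouse RealArcade Installer is a download-and-install package used by a game portal website of the US company RealNetworks.
A local arbitrary code execution vulnerability exists in GameHouse RealArcade Installer. A local attacker can exploit it to execute arbitrary code in the context of the affected application run by the user.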

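- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]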

- CWE (Weakness Category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources

- Vulnerability Information

RealNetworks GameHouse RealArcade Installer Local Arbitrary Code Execution Vulnerability
2013-09-10 00:00:00 2013-09-10 00:00:00

- Advisories and Patches


- Vulnerability Information

GameHouse RealArcade Installer Default Game Installation Directory Unsafe Permissions Privilege Escalation
Local Access Required Misconfiguration
Loss of Integrity Change Default Setting
Exploit Public RBS Confirmed, No Vendor Response

- Vulnerability Description

GameHouse RealArcade Installer contains a flaw: by default it installs games into '%HOMEDRIVE%\GameHouse Games\' with 'Create Files / Write Data' permissions, allowing unprivileged users to create arbitrary files within the game installation directories. This allows a local attacker to place, e.g., a malicious DLL file within a game installation directory, causing it to be loaded when the game is launched and giving the attacker privileges similar to those of any user running the game.

- Timeline

2013-09-05 2013-01-26
Unknown Unknown

- Solution

During installation, do not select the default suggested game installation path, but instead one within the %ProgramFiles% path.
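To check whether an existing installation is exposed, the following PowerShell audit lists access-control entries in the game directory tree that let non-administrative principals create files. It is an added example, not part of the original advisory; the function name `Find-WritableGameDir` and the list of trusted SIDs are assumptions, and the default path is the one named in the description above.

```powershell
# Added example: find directories where an unprivileged principal may create
# files (the "Create Files / Write Data" weakness described in the advisory).
function Find-WritableGameDir {
    param(
        # Default install root from the advisory; pass another path to audit it.
        [string]$Root = "${env:HOMEDRIVE}\GameHouse Games"
    )

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        Write-Warning "Directory not found: $Root"
        return
    }

    # Principals expected to hold write access (assumption; adjust per site):
    # SYSTEM, BUILTIN\Administrators, TrustedInstaller. SIDs are used because
    # account names are localized on non-English Windows.
    $trustedSids = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )

    $fsr       = [System.Security.AccessControl.FileSystemRights]
    $writeMask = $fsr::CreateFiles -bor $fsr::AppendData   # create files / create subdirectories
    $inhOnly   = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }                         # unreadable ACL, skip
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ([int]($ace.PropagationFlags -band $inhOnly) -ne 0) { continue }  # does not apply to this directory
            if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
            if ([int]($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $dir.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Find-WritableGameDir | Format-Table -AutoSize
```

Rows for broad groups such as S-1-5-11 (Authenticated Users) or S-1-5-32-545 (Users) indicate the weak permission; an empty result means only the trusted principals can create files in the tree.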

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GameHouse RealArcade Installer CVE-2013-2604 Local Arbitrary Code Execution Vulnerability
Unknown 62249
No Yes
2013-09-05 12:00:00 2013-09-05 12:00:00
Carsten Eiram of Risk Based Security.

- Affected Program Versions

- Vulnerability Discussion

GameHouse RealArcade Installer is prone to a local arbitrary code-execution vulnerability.

Local attackers can exploit this issue to execute arbitrary code within the context of the user running the affected.

- Exploit

An attacker requires local access to the system as an authenticated Windows user to exploit this issue.

- Solution

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:

- References