Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

RealNetworks Arcade ActiveX Command Execution Vulnerability

Vulnerability

A vulnerability exists in the RealNetworks RealArcade platform's ActiveX control, specifically in InstallerDlg.dll version 2.6.0.445. This vulnerability allows remote attackers to execute arbitrary commands on a victim's Windows machine by exploiting the Exec method of the StubbyUtil.ProcessMgr COM object. The issue arises from inadequate validation and restrictions in the ActiveX control, which is marked safe for scripting and initialization, enabling exploitation through Internet Explorer.

Impact

Exploitation of this vulnerability results in arbitrary code execution on the affected Windows machine, in the context of the logged-in user.

Reproduction

To reproduce this vulnerability, install the RealArcade client version 1.2.0.1256. After installation, download a RealArcade game that uses the StubbyUtil.ProcessMgr ActiveX control, such as 'My Farm Life'. When the game is launched, the ActiveX control is installed and registered. The vulnerability can then be exploited by opening, in Internet Explorer, a specially crafted web page that interacts with the ActiveX control.
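Because the control is only registered once a game has been launched, exposure has to be checked per host. The following PowerShell audit is an added example, not part of the original advisory or of any RealNetworks tooling: it resolves the CLSID from the ProgID named above at run time (the advisory does not list it), then reports the registered DLL and its version, whether the registry marks the control safe for scripting and initialization, and whether an Internet Explorer kill bit is set. The function name is hypothetical, and it assumes the control is an in-process server registered under InprocServer32.

```powershell
# Added example: audit one Windows host for the control named in this advisory.
# Assumption: the ProgID is registered under HKEY_CLASSES_ROOT exactly as written on the page.
function Get-ActiveXExposure {
    param([string]$ProgId = 'StubbyUtil.ProcessMgr')

    # Standard COM component categories and the IE kill-bit flag.
    $safeScript = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForScripting
    $safeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForInitializing
    $killBit    = 0x400                                      # "Compatibility Flags" bit

    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    $clsid = (Get-ItemProperty -LiteralPath $progKey -ErrorAction SilentlyContinue).'(default)'
    if (-not $clsid) {
        Write-Output "$ProgId is not registered on this host."
        return
    }

    # A 32-bit control on 64-bit Windows lives in the WOW6432Node view, so check both.
    $views = @(
        @{ Name = 'native'; Cls = 'HKEY_CLASSES_ROOT\CLSID'
           IE = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer' },
        @{ Name = 'wow64'; Cls = 'HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
           IE = 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer' }
    )
    foreach ($v in $views) {
        $clsKey = "Registry::$($v.Cls)\$clsid"
        if (-not (Test-Path -LiteralPath $clsKey)) { continue }

        $dll = (Get-ItemProperty -LiteralPath "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $compat = "Registry::$($v.IE)\ActiveX Compatibility\$clsid"
        $flags = (Get-ItemProperty -LiteralPath $compat -ErrorAction SilentlyContinue).'Compatibility Flags'

        # A control can also declare itself safe through IObjectSafety at run time,
        # so False in the two Safe* columns does not prove it is unscriptable.
        [pscustomobject]@{
            View                = $v.Name
            Clsid               = $clsid
            Server              = $dll
            FileVersion         = if ($dll -and (Test-Path -LiteralPath $dll)) {
                                      (Get-Item -LiteralPath $dll).VersionInfo.FileVersion }
            SafeForScripting    = Test-Path -LiteralPath "$clsKey\Implemented Categories\$safeScript"
            SafeForInitializing = Test-Path -LiteralPath "$clsKey\Implemented Categories\$safeInit"
            KillBitSet          = [bool]($flags -band $killBit)
        }
    }
}

Get-ActiveXExposure | Format-List
```

A host that reports the control as registered with `KillBitSet` false can still load it in Internet Explorer; setting the kill bit for the reported CLSID or uninstalling the RealArcade components removes that exposure.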

Added: Aug 20, 2025, 4:25 PM
Updated: Aug 20, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.1
remediation: 0.0
relevance: 0.4
threat: 9.3
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.