CWE-623
Unsafe ActiveX Control Marked Safe For Scripting
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
CVE-2011-10028 (GCVE-0-2011-10028)
Vulnerability from cvelistv5
Published
2025-08-20 15:39
Modified
2025-08-21 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting
Summary
The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RealNetworks | RealArcade ActiveX |
Version: * ≤ 2.6.0.445 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2011-10028",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T17:31:18.102550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:31:22.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17149"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17105"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"InstallerDlg.dll"
],
"platforms": [
"Windows"
],
"product": "RealArcade ActiveX",
"vendor": "RealNetworks",
"versions": [
{
"lessThanOrEqual": "2.6.0.445",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "rgod"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim\u0027s Windows machine without proper validation or restrictions. This platform was \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks\u0027 platform, GameHouse.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim\u0027s Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks\u0027 platform, GameHouse."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
},
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-623",
"description": "CWE-623 Unsafe ActiveX Control Marked Safe For Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:39:11.898Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17105"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17149"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html"
},
{
"tags": [
"product"
],
"url": "https://www.gamehouse.com/"
},
{
"tags": [
"product"
],
"url": "https://archive.org/details/com.real.arcade"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2011-10028",
"datePublished": "2025-08-20T15:39:11.898Z",
"dateReserved": "2025-08-19T14:59:15.495Z",
"dateUpdated": "2025-08-21T17:31:22.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- During development, do not mark it as safe for scripting.
Mitigation
Phase: System Configuration
Description:
- After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer.
No CAPEC attack patterns related to this CWE.