QwikSec

Security Database

CVE

CWE

Training

CVE-2011-10028

Published: Aug 20, 2025

Modified: May 15, 2026

PUBLISHED

Description

The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.

Vendor	Product	Versions
RealNetworks	RealArcade ActiveX	affected `0 - <= 2.6.0.445`

Weaknesses (CWE)

References

https://www.exploit-db.com/exploits/17105

exploit

https://www.exploit-db.com/exploits/17149

exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb

exploit

https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html

third-party-advisory

https://www.gamehouse.com/

product

https://archive.org/details/com.real.arcade

product

https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.