Home page logo
/

bugtraq logo Bugtraq mailing list archives

An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism
From: RBS Research <research () riskbasedsecurity com>
Date: Thu, 19 Sep 2013 09:09:02 +0200

January 2013, we encountered the latest version of RealArcade
installer provided by GameHouse (a division of RealNetworks) on a
system during an audit. Considering its historical vulnerabilities and
recent reports about vulnerabilities in game clients/installers, we
decided to take a closer look at its current security state.

It was uncovered that not only was it still affected by almost two
year old, publicly known vulnerabilities allowing command execution,
but also new issues incl. unsafe permissions and a use-after-free. The
full paper describes the flaws in the GameHouse game installer
implementation for Windows, and how it exposes users’ systems.

While not responsive (except a classic response from support - see
timeline in report), GameHouse did silently address some of these
issues in a site update around May 2013, but other concerns still
remain.

Blog:
http://www.riskbasedsecurity.com/2013/09/an-analysis-of-the-insecurity-state-of-the-gamehouse-game-installation-mechanism/

Paper:
http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf

--

Carsten Eiram
Risk Based Security

Twitter: @RiskBased / @CarstenEiram


  By Date           By Thread  

Current thread:
  • An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism RBS Research (Sep 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault