CVE-2011-10028

RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution

Description

The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.

INFO

Published Date :

2025-08-20T15:39:11.898Z

Last Modified :

2026-04-07T14:02:17.217Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2011-10028 vulnerability.

Vendors	Products
Microsoft	Windows
Realnetworks	Realarcade Realarcade Installer

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2011-10028.

URL	Resource
https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html
https://archive.org/details/com.real.arcade
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/real_arcade_installerdlg.rb
https://www.exploit-db.com/exploits/17105
https://www.exploit-db.com/exploits/17149
https://www.gamehouse.com/
https://www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-execution

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability