What is CVE-2011-10028?

CVE-2011-10028 is a vulnerability in Realnetworks Realarcade Activex, classified under CWE-623. Published 2025-08-20.

Is CVE-2011-10028 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Realnetworks Realarcade Activex

CVE-2011-10028

The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary comm…

EPSS: 0.626 (98.4th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Realarcade Activex — versions 0

Weakness classification (CWE)

CWE-623

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.exploit-db.com/exploits/17105 (exploit)
www.exploit-db.com/exploits/17149 (exploit)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
advisories.checkpoint.com/defense/advisories/public/2011/cpai-2011-347.html (third-party-advisory)
www.gamehouse.com/ (product)
archive.org/details/com.real.arcade (product)
www.vulncheck.com/advisories/real-networks-arcade-games-activex-arbitrary-code-… (third-party-advisory)

Frequently asked questions

What is CVE-2011-10028?: CVE-2011-10028 is a vulnerability in Realnetworks Realarcade Activex, classified under CWE-623. Published 2025-08-20.
Is CVE-2011-10028 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.