CVE Catalog

CVE-2016-20085

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

The Realtek High Definition Audio Driver version 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path.

Risk Assessment

Attackers can insert an executable file in the unquoted path and restart the service, leading to code execution with LocalSystem privileges, posing a serious security threat to the system.

Recommendation

It is recommended that system administrators update the driver to the latest version and ensure that service paths are properly quoted to minimize the risk of privilege escalation.

Original NVD description (English source)

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS