CVE Catalog

CVE-2020-37252

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Realtek Audio Service version 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code.

Risk Assessment

Attackers can place executable files in the unquoted service path directory, allowing arbitrary code execution with LocalSystem privileges during service startup or system reboot.

Recommendation

It is recommended to fix the service path to be properly quoted and to monitor and secure the service directory against unauthorized access.

Original NVD description (English source)

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS