CVE-2020-37252
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Realtek Audio Service version 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code.
Risk Assessment
Attackers can place executable files in the unquoted service path directory, allowing arbitrary code execution with LocalSystem privileges during service startup or system reboot.
Recommendation
It is recommended to fix the service path to be properly quoted and to monitor and secure the service directory against unauthorized access.
Original NVD description (English source)
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

