CVE-2016-20085

Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Realtek · Realtek High Definition Audio Driver

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/40587unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/40587 https://www.vulncheck.com/advisories/realtek-high-definition-audio-driver-privilege-escalation