CVE-2016-20085

Summary

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.

Affected Software

VendorProductVersion RangeStatus
RealtekRealtek High Definition Audio Driver6.0.1.6730affected

Weaknesses

  • CWE-428: Unquoted Search Path or Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References