CVE-2016-20085
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
The Realtek High Definition Audio Driver version 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path.
Risk Assessment
Attackers can insert an executable file in the unquoted path and restart the service, leading to code execution with LocalSystem privileges, posing a serious security threat to the system.
Recommendation
It is recommended that system administrators update the driver to the latest version and ensure that service paths are properly quoted to minimize the risk of privilege escalation.
Original NVD description (English source)
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.

