Description
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unquoted service path in the Realtek High Definition Audio Driver 6.0.1.6730. A local attacker can place a malicious executable in the unquoted service path and restart the service, causing the executable to run with LocalSystem privileges. This flaw, identified as CWE‑428, enables an attacker to execute arbitrary code as a system administrator on a compromised machine.

Affected Systems

Realtek High Definition Audio Driver version 6.0.1.6730 is affected. No other versions or products are listed.

Risk and Exploitability

The CVSS score of 8.5 indicates a high impact vulnerability. Although an EPSS score is not available, the public exploit code listed on exploit‑db demonstrates that attackers can readily take advantage of this flaw with local access. The vulnerability is not listed in the CISA KEV catalog, but the high CVSS and demonstrated exploitability warrant close attention.

Generated by OpenCVE AI on June 19, 2026 at 20:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Realtek audio driver to a version where the service path is correctly quoted or otherwise patched.
  • If an update is not immediately available, configure the service so that its path is properly quoted or remove the unquoted portion of the path from the system registry.
  • Prevent unauthorized executables in the service directory by setting restrictive file permissions or moving the directory to a protected location.

Generated by OpenCVE AI on June 19, 2026 at 20:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
Title Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:41.065Z

Reserved: 2026-06-19T13:13:17.950Z

Link: CVE-2016-20085

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T20:00:12Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element