CVE-2019-25345
Unquoted Service Path in Realtek IIS Codec Allows Code Execution
Publication date: 2026-02-12
Last updated on: 2026-02-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| realtek | iis_codec_service | 6.4.10041.133 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'This vulnerability exists in the Realtek IIS Codec Service version 6.4.10041.133 and is caused by an unquoted service path in the service configuration. Because the service path contains spaces but is not enclosed in quotes, a local attacker can place a malicious executable in a location that the system will execute instead of the legitimate service executable.'}, {'type': 'paragraph', 'content': 'Specifically, the vulnerable service named "RtkI2SCodec" runs an executable located at "C:\\Program Files\\Realtek\\Audio\\IIS\\RtkI2SAudioService64.exe" with automatic start on Windows systems. The unquoted path allows an attacker with local access to escalate privileges by injecting and executing arbitrary code.'}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "This vulnerability can allow a local attacker to execute arbitrary code with elevated privileges on the affected system. By exploiting the unquoted service path, the attacker can inject malicious executables that run with the service's privileges, potentially leading to full system compromise."}, {'type': 'paragraph', 'content': 'The impact includes unauthorized code execution, privilege escalation, and potential control over the system, which can be used to install malware, steal data, or disrupt system operations.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by checking the service path of the 'RtkI2SCodec' service for unquoted spaces. Since the service executable path contains spaces and is unquoted, it is vulnerable to code injection."}, {'type': 'paragraph', 'content': 'On a Windows system, you can use the following command to check the service path:'}, {'type': 'list_item', 'content': 'sc qc RtkI2SCodec'}, {'type': 'paragraph', 'content': 'If the path shown in the output contains spaces and is not enclosed in quotes, the service is vulnerable to this unquoted service path issue.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the service path to include quotes around the executable path to prevent execution of malicious files placed in the path.
Alternatively, restrict local user permissions to prevent unauthorized users from placing executables in directories that are part of the service path.
If possible, update or patch the Realtek IIS Codec Service to a version where this vulnerability is fixed.