CVE-2020-37251
Received - Intake
Unquoted Service Path in RealTimes Desktop Service

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor      Product           Version / Range
realtimes   desktop_service   18.1.4
realtimes   desktop_service   to 18.1.4 (exc)
CWE ID    Description
CWE-428   The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Executive Summary

The vulnerability exists in RealTimes Desktop Service version 18.1.4 and earlier, specifically in the unquoted service path of the rpdsvc.exe binary.

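Because the service path is unquoted and contains spaces, Windows resolves it by trying each space-delimited prefix of the path as an executable name before it reaches the real binary. Local attackers can therefore place malicious executables in directories within that unquoted path.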

When the service starts or the system reboots, the system may execute the malicious executable with LocalSystem privileges, allowing the attacker to escalate their privileges on the system.

Impact Analysis

This vulnerability allows local attackers to escalate their privileges to LocalSystem level, which is the highest privilege level on a Windows system.

An attacker can execute arbitrary code with these elevated privileges during service startup or system reboot, potentially leading to full system compromise.

This can result in unauthorized access, control over system resources, and the ability to bypass security controls.

Detection Guidance

This vulnerability can be detected by checking whether the executable path configured for the RealTimes Desktop Service (rpdsvc.exe) is unquoted. Specifically, you need to identify whether the service path contains spaces and is not enclosed in quotes, which allows malicious executables to be placed in those directories.

On a Windows system, you can use the following command to show the service's configuration, including its executable path in the BINARY_PATH_NAME field. In Windows PowerShell, where sc is an alias for Set-Content, run it as sc.exe:

  • sc qc rpdsvc

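Alternatively, you can use PowerShell to find unquoted service paths across all services. The results also include services whose only spaces are in their command-line arguments, so check each hit:

  • Get-CimInstance Win32_Service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*' } | Select-Object Name, PathName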

If the path to rpdsvc.exe is unquoted and contains spaces, the system is vulnerable to this privilege escalation issue.

Mitigation Strategies

To mitigate this vulnerability, you should immediately correct the unquoted service path by enclosing the full path to the rpdsvc.exe executable in double quotes. This prevents the system from executing malicious executables placed in directories within the unquoted path.

Additionally, ensure that only trusted users have write permissions to the directories in the service path, so that untrusted users cannot place executables there.

If possible, update RealTimes Desktop Service to a version later than 18.1.4 where this vulnerability is fixed.

As a temporary measure, restrict local user access or monitor for suspicious executables in the service path directories.
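
The detection and monitoring steps above can be combined in one audit function. This is an added example, not code from the original advisory or from the vendor; the function name Test-UnquotedServicePath and the sample services are hypothetical and constructed for illustration. It separates the executable from its arguments so that argument-only spaces are not flagged, produces the quoted replacement value, and lists the file paths to monitor.

```powershell
# Added example, not vendor code. Sample services below are constructed.
function Test-UnquotedServicePath {
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Name,
        [Parameter(ValueFromPipelineByPropertyName)][string]$PathName
    )
    process {
        $path = $PathName.Trim()
        # A leading quote means the executable is already unambiguous.
        if ($path.StartsWith('"')) { return }
        # Split the executable (up to the first ".exe" followed by whitespace
        # or end of string) from its arguments.
        $m = [regex]::Match($path, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
        if (-not $m.Success) { return }
        $exe = $m.Groups['exe'].Value
        # Spaces that occur only in the arguments are not CWE-428.
        if (-not $exe.Contains(' ')) { return }
        # Every space-delimited prefix + ".exe" is a file Windows would try
        # before the real binary; these are the paths to monitor.
        $watch = @(for ($i = $exe.IndexOf(' '); $i -ge 0; $i = $exe.IndexOf(' ', $i + 1)) {
            $candidate = $exe.Substring(0, $i) + '.exe'
            [pscustomobject]@{ Path = $candidate; Exists = (Test-Path -LiteralPath $candidate) }
        })
        [pscustomobject]@{
            Name       = $Name
            QuotedPath = '"' + $exe + '"' + $m.Groups['args'].Value
            WatchPaths = $watch
        }
    }
}

# Constructed input with the same Name/PathName shape as Win32_Service objects.
$samples = @(
    [pscustomobject]@{ Name = 'ExampleSvc'; PathName = 'C:\Program Files\Example Vendor\Example App\svc.exe -run' }
    [pscustomobject]@{ Name = 'QuotedSvc';  PathName = '"C:\Program Files\Example Vendor\svc.exe" -run' }
    [pscustomobject]@{ Name = 'ArgsOnly';   PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
# On a live host replace $samples with: Get-CimInstance Win32_Service
$samples | Test-UnquotedServicePath | ForEach-Object {
    "{0}: set ImagePath to {1}" -f $_.Name, $_.QuotedPath
    $_.WatchPaths | ForEach-Object { "  watch {0} (exists: {1})" -f $_.Path, $_.Exists }
}
```

QuotedPath is the value to write back as the service's ImagePath under HKLM\SYSTEM\CurrentControlSet\Services\<service name>. Any watch path that already exists should be investigated before the service is next started.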
