CVE-2020-37252
Received Received - Intake
Unquoted Service Path in Realtek Audio Service

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2020-37252
EUVD
EUVD-2020-31253
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
realtek audio_service 1.0.0.55
realtek audio_service to 1.0.0.55 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in Realtek Audio Service version 1.0.0.55, specifically in the executable RtkAudioService64.exe, which has an unquoted service path.

Because the service path is unquoted, local attackers can place malicious executable files in the directory path where the service runs. When the service starts or the system reboots, the malicious code can be executed.

This allows attackers to escalate privileges by running arbitrary code with LocalSystem privileges, which is a very high level of access on the system.

Impact Analysis

This vulnerability can allow a local attacker to execute arbitrary code with LocalSystem privileges on an affected system.

Such privilege escalation means the attacker can gain full control over the system, bypass security restrictions, install malware, steal data, or disrupt system operations.

Because the service runs automatically and with high privileges, the impact is significant and can compromise the entire system's security.

Detection Guidance

This vulnerability can be detected by checking if the Realtek Audio Service executable path is unquoted, which allows for potential privilege escalation. Specifically, you need to verify the service path of RtkAudioService64.exe to see if it contains spaces and is not enclosed in quotes.

On a Windows system, you can use the following command to check the service path:

  • sc qc RtkAudioService64

Look at the BINARY_PATH_NAME output. If the path contains spaces and is not enclosed in quotes, the system is vulnerable to this unquoted service path issue.

Additionally, you can manually inspect the service executable path in the registry or services management console to confirm if the path is unquoted.

Mitigation Strategies

To mitigate this vulnerability immediately, you should ensure that the service executable path is properly quoted to prevent malicious code injection.

Specifically, update the service path for RtkAudioService64.exe to be enclosed in double quotes, for example:

  • "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"

This prevents the system from interpreting spaces in the path as separate commands, blocking attackers from placing malicious executables in unintended locations.

Additionally, consider applying any available patches or updates from Realtek or your system vendor that address this vulnerability.

As a temporary measure, restrict local user permissions to prevent unauthorized file placement in the service directory.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart