RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path

vendor:

RTK IIS Codec Service

by:

chuyreds

7.5

CVSS

HIGH

Unquote Service Path

CWE

Product Name: RTK IIS Codec Service

Affected Version From: 6.4.10041.133

Affected Version To: 6.4.10041.133

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Home Single Language

2019

RTK IIS Codec Service 6.4.10041.133 – ‘RtkI2SCodec’ Unquote Service Path

The RTK IIS Codec Service 6.4.10041.133 allows an attacker to execute arbitrary code by exploiting the unquoted service path vulnerability.

Mitigation:

The vendor has not provided any mitigation for this vulnerability.

Source

Exploit-DB raw data:

# Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
# Google Dork: N/A
# Date: 2019-11-11
# Exploit Author: chuyreds
# Vendor Homepage:https://www.realtek.com/en/
# Software Link: https://support.hp.com/mx-es/drivers/selfservice/hp-spectre-13-4000-x360-convertible-pc/7527520/model/7835502?sku=K8N38LA
# Version: 6.4.10041.133 
# Tested on: Windows 10 Home Single Language
# CVE : N/A

# Explot-Realtek.txt

#Service Info:

C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
RTK IIS Codec Service	RtkI2SCodec	C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe	Auto

C:\Users\user>sc query RtkI2SCodec

NOMBRE_SERVICIO: RtkI2SCodec
        TIPO               : 10  WIN32_OWN_PROCESS
        ESTADO             : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        CÓD_SALIDA_WIN32   : 0  (0x0)
        CÓD_SALIDA_SERVICIO: 0  (0x0)
        PUNTO_COMPROB.     : 0x0
        INDICACIÓN_INICIO  : 0x0