Primary

Context

Realtek IIS Codec Service Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in the Realtek IIS Codec Service version 6.4.10041.133 due to an unquoted service path. This flaw allows local attackers to potentially execute arbitrary code by exploiting the unquoted path in the service configuration. Attackers can inject malicious executables to escalate privileges on the system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation and arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by injecting a malicious executable into the unquoted service path of the Realtek IIS Codec Service. Once the executable is executed, it can be used to escalate privileges on the system.

Added: Feb 12, 2026, 8:30 PM

Updated: Feb 12, 2026, 8:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

3.0

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

3.0

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Realtek IIS Codec Service Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating