PT-2019-13975 · Realtek · Realtek Waves Maxxaudio Driver

Mike Siegel

Published

2019-08-15

Updated

2020-08-24

CVE-2019-15084

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Realtek Waves MaxxAudio driver version 1.6.2.0

Description The issue concerns incorrect file permissions in the installation of the Realtek Waves MaxxAudio driver. This allows a local attacker to escalate privileges to SYSTEM.

Recommendations For Realtek Waves MaxxAudio driver version 1.6.2.0, consider updating the driver to a version with correct file permissions to prevent privilege escalation. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-15084

Affected Products

Realtek Waves Maxxaudio Driver

PT-2019-13975 · Realtek · Realtek Waves Maxxaudio Driver

CVE-2019-15084

Weakness Enumeration

Related Identifiers

Affected Products

References · 3