CVE-2019-15084

HIGH

Realtek Waves MaxxAudio driver 1.6.2.0 - Incorrect Permission Assignment for Critical Resource

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15084. PoCs published by Mike Siegel.

AI-analyzed exploit summary This exploit demonstrates a local privilege escalation (LPE) vulnerability in MaxxAudio drivers due to incorrect file permissions on WavesSysSvc64.exe, allowing an attacker to replace the executable with a malicious payload and gain SYSTEM privileges upon reboot.

Description

Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.

Exploits (1)

exploitdb WORKING POC

by Mike Siegel · textlocalwindows

https://www.exploit-db.com/exploits/46416

View Code ZIP pw:eip

This exploit demonstrates a local privilege escalation (LPE) vulnerability in MaxxAudio drivers due to incorrect file permissions on WavesSysSvc64.exe, allowing an attacker to replace the executable with a malicious payload and gain SYSTEM privileges upon reboot.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: MaxxAudio drivers version 1.6.2.0

Auth required

Prerequisites: Local access to the system · WavesSysSvc64.exe with incorrect permissions

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/46416

Scores

CVSS v3 7.8

EPSS 0.0094

EPSS Percentile 56.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

maxx/waves_maxx_audio 1.6.2.0

Published Aug 16, 2019

Tracked Since Feb 18, 2026