The RCE that AMD wouldn't fix

A security researcher discovers a remote code execution vulnerability in AMD's AutoUpdate software and reports it to AMD, which initially refuses to fix it, citing it as out of scope, but later agrees to issue a CVE and provide credit to the researcher.