Home

Description

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.

PUBLISHED Reserved 2025-08-01 | Published 2025-08-01 | Updated 2026-04-07 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

8.1
affected

Credits

Ahmad Moghimi finder

References

raw.githubusercontent.com/...ws/local/agnitum_outpost_acs.rb exploit

www.exploit-db.com/exploits/27282 exploit

www.exploit-db.com/exploits/28335 exploit

www.vulncheck.com/...utpost-internet-security-local-priv-esc third-party-advisory

cve.org (CVE-2013-10046)

nvd.nist.gov (CVE-2013-10046)

Download JSON