We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2013-10046

Agnitum Outpost Internet Security Local Privilege Escalation



Description

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.

Reserved 2025-08-01 | Published 2025-08-01 | Updated 2025-08-01 | Assigner VulnCheck


HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

8.1
affected

Credits

Ahmad Moghimi finder

References

raw.githubusercontent.com/...ws/local/agnitum_outpost_acs.rb exploit

www.exploit-db.com/exploits/27282 exploit

www.exploit-db.com/exploits/28335 exploit

www.vulncheck.com/...utpost-internet-security-local-priv-esc third-party-advisory

cve.org (CVE-2013-10046)

nvd.nist.gov (CVE-2013-10046)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2013-10046

Support options

Helpdesk Chat, Email, Knowledgebase