Local Privilege Escalation in Agnitum Outpost Internet Security
CVE-2013-10046
Key Information:
- Vendor
Agnitum Ltd.
- Vendor
- CVE Published:
- 1 August 2025
Badges
What is CVE-2013-10046?
Agnitum Outpost Internet Security 8.1 contains a local privilege escalation vulnerability that allows unprivileged users to execute arbitrary code with SYSTEM privileges. This security flaw exists in the acs.exe component, which exposes a named pipe, permitting unauthenticated commands. By exploiting a directory traversal vulnerability within the pipe protocol, attackers can load and execute a malicious DLL from user-controlled locations. This malicious DLL runs with the privileges of the vulnerable service, enabling potential system compromise.
Affected Version(s)
Outpost Internet Security 8.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved