CVE-2013-10046

HIGH

Agnitum Outpost Internet Security 8.1 - Privilege Escalation

Title source: llm

Description

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/28335

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Ahmad Moghimi · textlocalwindows

https://www.exploit-db.com/exploits/27282

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Ahmad Moghimi, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/agnitum_outpost_acs.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/agnitum_outpost_acs.rb

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/27282

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/28335

[Third Party Advisory] https://www.vulncheck.com/advisories/agnitum-outpost-internet-security-local-priv-esc

Scores

CVSS v4 8.5

EPSS 0.0124

EPSS Percentile 79.3%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-306

Status published

Products (1)

Agnitum Ltd./Outpost Internet Security 8.1

Published Aug 01, 2025

Tracked Since Feb 18, 2026