CVE-2018-19113

HIGH

Pronestor Health Monitoring < 8.1.12.0 - Privilege Escalation via Trojan Horse Executable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19113. PoCs published by PovlTekstTV.

AI-analyzed exploit summary This writeup describes a local privilege escalation vulnerability in Pronestor's Outlook add-in due to insecure file permissions on PronestorHealthMonitor.exe, allowing authenticated users to replace the executable and gain SYSTEM privileges upon service restart.

Description

The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.

Exploits (1)

exploitdb WRITEUP

by PovlTekstTV · textlocalwindows

https://www.exploit-db.com/exploits/46988

View Code ZIP pw:eip

This writeup describes a local privilege escalation vulnerability in Pronestor's Outlook add-in due to insecure file permissions on PronestorHealthMonitor.exe, allowing authenticated users to replace the executable and gain SYSTEM privileges upon service restart.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Pronestor Outlook add-in for Pronestor (versions 8.1.11.0 and older, 5.1.6.0)

Auth required

Prerequisites: Authenticated local access · Pronestor Outlook add-in installed with vulnerable version

MITRE ATT&CK

T1574.001 - DLL T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product, Vendor Advisory x_refsource_misc

https://www.pronestor.com

Exploit, Third Party Advisory x_refsource_misc

https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/153275/Pronestor-Health-Monitoring-Privilege-Escalation.html

Scores

CVSS v3 7.3

EPSS 0.0085

EPSS Percentile 53.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

pronestor/pronestor_health_monitoring < 8.1.12.0

Published Apr 01, 2019

Tracked Since Feb 18, 2026