CVE-2013-10046
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agnitum | outpost_internet_security | 8.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation in Agnitum Outpost Internet Security 8.1. It allows an unprivileged user to execute arbitrary code with SYSTEM privileges by exploiting a flaw in the acs.exe component. The component exposes a named pipe that accepts unauthenticated commands. Through a directory traversal weakness in the pipe protocol, an attacker can make the service load and execute a malicious DLL from a location controlled by the user, thereby gaining elevated privileges.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain SYSTEM-level privileges on the affected system. This means they can execute arbitrary code with the highest level of access, potentially leading to full system compromise, unauthorized access to sensitive data, and the ability to install malware or alter system configurations.