Agnitum Outpost Internet Security Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in Agnitum Outpost Internet Security version 8.1. This vulnerability allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The issue arises in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. Exploitation involves a directory traversal vulnerability in the pipe protocol, enabling an attacker to instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.

Impact

Exploitation of this vulnerability allows for local privilege escalation, enabling an unprivileged user to execute code with SYSTEM privileges.

Reproduction

The vulnerability can be reproduced by exploiting the directory traversal flaw in the named pipe 'acsipc_server' used by the 'acs.exe' component of Agnitum Outpost Internet Security 8.1. After loading a malicious DLL into a directory accessible by the service, the DLL is executed with SYSTEM privileges.