Home Tools Exploits & CVE's Sandboxie-Plus 5.50.2 Unquoted Service Path

Sandboxie-Plus 5.50.2 Unquoted Service Path

March 14, 2022

593

Sandboxie-Plus version 5.50.2 suffers from an unquoted service path vulnerability.

# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : David Xanatos
# Version : SbieSvc 5.50.2
# Vendor Homepage :  https://sandboxie-plus.com/
# Tested on OS: Windows 10 Pro x64

#PoC :
==============

C:>sc qc SbieSvc
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SbieSvc
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:Program FilesSandboxie-PlusSbieSvc.exe
        GRUPPO_ORDINE_CARICAMENTO : UIGroup
        TAG                       : 0
        NOME_VISUALIZZATO         : Sandboxie Service
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem

Sandboxie-Plus 5.50.2 Unquoted Service Path

Follow us on Instagram @thecyberpost

EDITOR PICKS

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object...

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

GOM Player 2.3.90.5360 MITM / Remote Code Execution

PaperCut NG/MG 22.0.4 Authentication Bypass

Technitium Installer 4.4 DLL Hijacking