Sandboxie-Plus 5.50.2 Service SbieSvc Unquoted Service Path

2022.03.22

Credit: Antonio Cuomo

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : David Xanatos
# Version : SbieSvc 5.50.2
# Vendor Homepage : https://sandboxie-plus.com/
# Tested on OS: Windows 10 Pro x64
#PoC :
==============
C:\>sc qc SbieSvc
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: SbieSvc
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 1 NORMAL
NOME_PERCORSO_BINARIO : C:\Program Files\Sandboxie-Plus\SbieSvc.exe
GRUPPO_ORDINE_CARICAMENTO : UIGroup
TAG : 0
NOME_VISUALIZZATO : Sandboxie Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Sandboxie-Plus 5.50.2 Service SbieSvc Unquoted Service Path

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.