Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

vendor:

Sandboxie-Plus

by:

Antonio Cuomo (arkantolo)

5.5

CVSS

MEDIUM

Unquoted Service Path

428

CWE

Product Name: Sandboxie-Plus

Affected Version From: 5.50.2

Affected Version To: 5.50.2

Patch Exists: NO

Related CWE:

CPE: sandboxie-plus:5.50.2

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Pro x64

2022

Sandboxie-Plus 5.50.2 – ‘Service SbieSvc’ Unquoted Service Path

The 'Service SbieSvc' in Sandboxie-Plus version 5.50.2 has an unquoted service path vulnerability. This allows an attacker with local access to escalate privileges by placing a malicious executable with the same name in a higher-priority directory.

Mitigation:

To mitigate this vulnerability, the vendor should update the service path to use quotes around the executable's path.

Source

Exploit-DB raw data:

# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : David Xanatos
# Version : SbieSvc 5.50.2
# Vendor Homepage :  https://sandboxie-plus.com/
# Tested on OS: Windows 10 Pro x64

#PoC :
==============

C:\>sc qc SbieSvc
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SbieSvc
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\Sandboxie-Plus\SbieSvc.exe
        GRUPPO_ORDINE_CARICAMENTO : UIGroup
        TAG                       : 0
        NOME_VISUALIZZATO         : Sandboxie Service
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem