Platform
windows
Component
sandboxie
Fixed in
1.14.7
CVE-2024-49360 describes a critical Path Traversal vulnerability affecting Sandboxie, a sandbox-based isolation software for Windows. This flaw allows an authenticated attacker to read files belonging to other users within the sandbox environment, potentially leading to data exposure and privilege escalation. The vulnerability impacts versions of Sandboxie up to and including 1.14.6 and 5.69.6, with a fix available in version 1.14.6.
The impact of CVE-2024-49360 is significant due to the potential for unauthorized access to sensitive user data. An attacker, already authenticated within the Sandboxie environment and capable of using explorer.exe or cmd.exe outside a sandbox, can exploit this vulnerability to read files located in shared sandbox directories like C:\Sandbox\UserB\xxx. This bypasses standard Windows user permissions, where C:\Users\UserA is typically not readable by UserB. The vulnerability affects all files edited or created during sandbox processing, including documents, configuration files, and potentially credentials. Successful exploitation could lead to identity theft, data breaches, and further compromise of the affected system.
CVE-2024-49360 was published on 2024-11-29. The vulnerability's ease of exploitation, combined with Sandboxie's widespread use for security isolation, suggests a potential for active exploitation. There are currently no publicly available exploits, but the vulnerability's simplicity increases the likelihood of rapid exploit development. It is not currently listed on CISA KEV. Monitor security advisories and threat intelligence feeds for updates.
Organizations and individuals relying on Sandboxie for application isolation are at risk, particularly those with multiple user accounts sharing sandbox environments. Legacy systems running older, unpatched versions of Windows and Sandboxie are especially vulnerable. Shared hosting environments where multiple users share a single server and utilize Sandboxie are also at increased risk.
• windows / supply-chain:
Get-Process -Name Sandboxie | Select-Object -ExpandProperty Path
• windows / supply-chain:
# Event 4688 (process creation) is recorded in the Security log
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | Where-Object { $_.Message -match 'Sandboxie\.exe' }
• windows / supply-chain:
reg query "HKLM\SOFTWARE\Sandboxie\Sandbox" /v DefaultBox
Exploit status
EPSS
0.14% (33rd percentile)
The primary mitigation for CVE-2024-49360 is to immediately upgrade Sandboxie to version 1.14.6 or later. If upgrading is not immediately feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. While no direct WAF rules can prevent this vulnerability, restricting access to the C:\Sandbox directory via file system permissions (if possible) might offer a limited layer of defense. Monitor Sandboxie logs for unusual file access patterns. After upgrading, confirm the fix by attempting to access files in another user's sandbox directory with an attacker-simulated account; access should be denied.
Update to a patched version of Sandboxie as soon as one is available. As a temporary measure, restrict access to your system running Sandboxie and avoid sharing folders between users in the same sandbox instance.
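To check the file-system-permission workaround described above, the following PowerShell audit lists ACL entries that let another account read a user's sandbox folder. It is an added example, not code from Sandboxie or from the original page. It assumes sandboxes are laid out as C:\Sandbox\<UserName>, as in the path the page cites; the `$SandboxRoot` parameter and the allow-list of expected principals are illustrative assumptions.

```powershell
# Added example: audit per-user sandbox folders for read access by other accounts.
# Assumption: each first-level folder under $SandboxRoot is named after its user.
param([string]$SandboxRoot = 'C:\Sandbox')

# Principals expected to hold access on any user's folder (assumed allow-list).
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

# Bits that grant read: ReadData/ListDirectory (0x1), GENERIC_ALL, GENERIC_READ.
$readBits = 0x1 -bor 0x10000000 -bor 0x80000000

$findings = foreach ($dir in Get-ChildItem -LiteralPath $SandboxRoot -Directory -ErrorAction Stop) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readBits) -eq 0) { continue }

        $who = $ace.IdentityReference.Value
        if ($expected -contains $who) { continue }

        # The folder's own user (account name after the last backslash) is fine.
        if (($who -split '\\')[-1] -ieq $dir.Name) { continue }

        [pscustomobject]@{
            Folder    = $dir.FullName
            Principal = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    # Each row is an account other than the folder's user that can read it.
    $findings | Sort-Object Folder, Principal | Format-Table -AutoSize
} else {
    Write-Output "No unexpected read access found under $SandboxRoot."
}
```

Rows marked `Inherited = True` come from the ACL on the sandbox root itself, so that is the place to tighten them.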
CVE-2024-49360 is a critical Path Traversal vulnerability in Sandboxie versions up to 1.14.6 / 5.69.6, allowing authenticated attackers to read files from other users' sandboxes.
You are affected if you are using Sandboxie versions 1.14.6 or earlier, or 5.69.6 or earlier. Check your installed version and upgrade immediately.
Upgrade Sandboxie to version 1.14.6 or later to resolve this vulnerability. If immediate upgrade is not possible, consider temporary workarounds like restricting access to the Sandbox directory.
While no public exploits are currently available, the vulnerability's simplicity suggests a potential for rapid exploitation. Monitor security advisories for updates.
Refer to the official Sandboxie website and security advisories for the latest information and updates regarding CVE-2024-49360.