Platform
windows
Component
sandboxie
Fixed in
1.14.7
CVE-2024-49360 describes a critical Path Traversal vulnerability affecting Sandboxie, a sandbox-based isolation software for Windows. This flaw allows an authenticated attacker to read files belonging to other users within the sandbox environment, potentially leading to data exposure and privilege escalation. The vulnerability impacts versions of Sandboxie up to and including 1.14.6 and 5.69.6, with a fix available in version 1.14.6.
The impact of CVE-2024-49360 is significant due to the potential for unauthorized access to sensitive user data. An attacker, already authenticated within the Sandboxie environment and capable of using explorer.exe or cmd.exe outside a sandbox, can exploit this vulnerability to read files located in shared sandbox directories like C:\Sandbox\UserB\xxx. This bypasses standard Windows user permissions, where C:\Users\UserA is typically not readable by UserB. The vulnerability affects all files edited or created during sandbox processing, including documents, configuration files, and potentially credentials. Successful exploitation could lead to identity theft, data breaches, and further compromise of the affected system.
CVE-2024-49360 was published on 2024-11-29. The vulnerability's ease of exploitation, combined with Sandboxie's widespread use for security isolation, suggests a potential for active exploitation. There are currently no publicly available exploits, but the vulnerability's simplicity increases the likelihood of rapid exploitation development. It is not currently listed on CISA KEV. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.14% (33% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-49360 is to immediately upgrade Sandboxie to version 1.14.6 or later. If upgrading is not immediately feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. While no direct WAF rules can prevent this vulnerability, restricting access to the C:\Sandbox directory via file system permissions (if possible) might offer a limited layer of defense. Monitor Sandboxie logs for unusual file access patterns. After upgrading, confirm the fix by attempting to access files in another user's sandbox directory with an attacker-simulated account; access should be denied.
Update to a patched version of Sandboxie when available. As a temporary measure, limit access to your system using Sandboxie and avoid sharing folders between users in the same Sandboxie instance.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-49360 is a critical Path Traversal vulnerability in Sandboxie versions up to 1.14.6 / 5.69.6, allowing authenticated attackers to read files from other users' sandboxes.
You are affected if you are using Sandboxie versions 1.14.6 or earlier, or 5.69.6 or earlier. Check your installed version and upgrade immediately.
Upgrade Sandboxie to version 1.14.6 or later to resolve this vulnerability. If immediate upgrade is not possible, consider temporary workarounds like restricting access to the Sandbox directory.
While no public exploits are currently available, the vulnerability's simplicity suggests a potential for rapid exploitation. Monitor security advisories for updates.
Refer to the official Sandboxie website and security advisories for the latest information and updates regarding CVE-2024-49360.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.