CRITICAL🇵🇱 Wersja polska

CVE-2025-64721

CVSS 9.9v4.0pub. 2025-12-11upd. 2025-12-22

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g., 0xFFFFFFF0) wraps the allocation size, causing a heap overflow when attacker data is copied into the undersized buffer. This allows sandboxed processes to execute arbitrary code as SYSTEM, fully compromising the host. This issue is fixed in version 1.16.7.

🤖 AI Analysis
How it works

The system service SbieSvc.exe exposes the SbieIniServer::RC4Crypt procedure to processes running in the sandbox. The handler for this procedure adds a fixed header size to a value_len value controlled by the caller without checking for integer overflow. Passing a sufficiently large value_len (e.g., 0xFFFFFFF0) causes the calculated allocation size to wrap around (integer overflow/wraparound), resulting in an undersized heap buffer being allocated. The attacker-supplied data is then copied into this undersized buffer, causing a heap overflow and allowing the attacker to control code execution.

Impact

A malicious process launched inside the sandbox can execute arbitrary code (RCE) with SYSTEM privileges on the host machine, completely compromising the operating system and breaking out of the sandbox isolation.

Mitigation & patch

Sandboxie-Plus should be updated to version 1.16.7, where the issue has been fixed. The update is available in the project repository: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.7

Who is affected

Sandboxie-Plus (Sandboxie) in versions 1.16.6 and earlier, running on 32-bit and 64-bit Windows systems based on NT.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Sandboxie Plus Sandboxie

    APP
    Sandboxie-Plus
    1.14.0 – 1.16.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2026-34458CRITICAL9.3PL ✓ten sam produkt

INI injection w Sandboxie-Plus umożliwia eskalację uprawnień do SYSTEM

CVE-2024-49360CRITICAL9.2PL ✓ten sam produkt

Sandboxie: nieautoryzowany odczyt plików między użytkownikami (path traversal)

CVE-2018-18748CRITICAL10.0ten sam produkt

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system...

CVE-2026-32603HIGH8.2ten sam produkt

Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a lo...

CVE-2026-34459HIGH8.8ten sam produkt

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier,...