Sandbox breakout bug (details omitted) #1714
Labels
Status: Fixed in Next Build
Fixed in the next Sandboxie version
Comments
DavidXanatos
added
under investigation
Priority: High
|
I can confirm the issue and luckily there is already a workaround in place which can be enabled, by adding never the less the issue when not using this enhanced filtering is present and will be fixed ... |
DavidXanatos
added
Status: Fixed in Next Build
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened?
The details of this bug have been sent to @DavidXanatos by email on March 21. This issue only serves to track the fixing (that is, if this is confirmed to be a real bug) progress publicly.
In short, I've found a bug in Sandboxie that presumably lets an attacker break out of the sandbox. This has yet to be confirmed by the developers, though.
To Reproduce
Described in the email.
Expected behavior
Sandboxed programs should not be allowed to escape.
What is your Windows edition and version?
Windows 10 Home 20H2 (19042.1466) 64-bit
In which Windows account you have this problem?
A local or Microsoft account without special changes.
Please mention any installed security software
Built-in realtime protection in Windows 10
What version of Sandboxie are you running?
Sandboxie Classic v5.55.13 64-bit
Is it a regression?
No response
List of affected browsers
No response
In which sandbox type you have this problem?
I only reproduced it with Sandboxie Classic.
Is the sandboxed program also installed outside the sandbox?
No, it is not installed in the real system.
Can you reproduce this problem on an empty sandbox?
I can confirm it also on an empty sandbox.
Did you previously enable some security policy settings outside Sandboxie?
No response
Crash dump
No response
Trace log
No response
Sandboxie.ini configuration
No response
Sandboxie-Plus.ini configuration (for Plus interface issues)
No response
The text was updated successfully, but these errors were encountered: