Vulnerability in Sandboxie Allows User to Access Other Users' Files
CVE-2024-49360
What is CVE-2024-49360?
Sandboxie, isolation software designed to create a secure environment for running applications, is affected by an issue in which an authenticated user can access files belonging to other users within the sandbox folders. Specifically, files in directories such as C:\Sandbox\UserB\xxx can be read by an attacker with minimal privileges. The vulnerability stems from inadequate access control in the management of sandbox ACLs, which are not reset appropriately during sandbox operations. Files in user folders outside the sandbox remain secure, but any files created or modified within the sandbox environment may be exposed. As this vulnerability has yet to be patched, users are strongly advised to restrict access to systems running Sandboxie until a resolution is available.
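To check whether a multi-user host is exposed, an administrator can audit the ACLs on the sandbox folders. The PowerShell below is an added example, not code from the Sandboxie project: it assumes the layout C:\Sandbox\<UserName>\<SandboxName> implied by the path above and that each per-user folder is named after its account, and the function name Get-ForeignReadAce is hypothetical.

```powershell
# Added example: list ACL entries that let an account other than the folder's
# namesake user read a sandbox folder. Run from an elevated prompt.
# Assumption: layout is <SandboxRoot>\<UserName>\<SandboxName>.
param([string]$SandboxRoot = 'C:\Sandbox')

# FILE_READ_DATA (also "list directory"), GENERIC_READ, GENERIC_ALL.
# The generic bits show up on inherit-only ACEs that Get-Acl reports as raw numbers.
$readBits = 0x00000001 -bor 0x80000000 -bor 0x10000000

# SYSTEM, BUILTIN\Administrators, CREATOR OWNER: expected on any folder.
$ignoredSids = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0'

function Get-ForeignReadAce {
    param([string]$Path, [string]$OwnerName)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readBits) -eq 0) { continue }

        $name = $ace.IdentityReference.Value
        # Compare by SID so the check does not depend on the OS display language.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $name   # unresolvable account: keep it and report it
        }
        if ($ignoredSids -contains $sid) { continue }

        # Skip the account the folder is named after (DOMAIN\UserB -> UserB).
        if (($name -split '\\')[-1] -ieq $OwnerName) { continue }

        [pscustomobject]@{
            Path      = $Path
            Identity  = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

foreach ($userDir in Get-ChildItem -LiteralPath $SandboxRoot -Directory -Force) {
    # Check the per-user folder and each sandbox directly beneath it.
    $targets = @($userDir.FullName) + @(
        Get-ChildItem -LiteralPath $userDir.FullName -Directory -Force |
            ForEach-Object FullName)
    foreach ($t in $targets) {
        Get-ForeignReadAce -Path $t -OwnerName $userDir.Name
    }
}
```

Any row naming a broad group such as Users, Authenticated Users or Everyone, or another individual account, marks a folder whose contents that principal can read.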
Affected Version(s)
Sandboxie < v1.14.6 / 5.69.6