Please report any security vulnerability you find directly to me at xanatosdavid[at]gmail.com or through the Report a vulnerability form provided by GitHub. Please describe the issue in full detail and, if possible, include a proof-of-concept exploit.
A sandboxed process with administrative privileges could enable SeManageVolumePrivilege, which allowed it to read MFT data; for files smaller than 1 cluster, this allowed reading the file payload
fixed in: 1.12.3 / 5.67.3
NtCreateSectionEx was not filtered by the driver
fixed in: 1.8.0 / 5.63.0
AlpcConnectPortEx was not filtered by the driver
fixed in: 1.5.1 / 5.60.1
Sandboxed programs could read the memory of host processes. Presumably this was an intentional design decision by the old developers, but it is not required, and it is better for privacy not to allow it. Note: You can use ReadIpcPath=$:program.exe to allow read access to unsandboxed processes or processes in other boxes
fixed in: 1.0.16 / 5.55.16
NtGetNextThread was not properly filtered by the Sandboxie driver, so a sandboxed process could obtain a handle with write privileges on an unsandboxed thread. The issue can be remedied on older Sandboxie versions by enabling EnableObjectFiltering=y
fixed in: 1.0.14 / 5.55.14
NtCreateSymbolicLinkObject was not filtered
fixed in: 1.0.15 / 5.55.15
Hard link creation was not properly filtered
fixed in: 1.0.13 / 5.55.13
When starting COMSRV unboxed, the returned process handle had full access
fixed in: 1.0.9 / 5.55.9
The HostInjectDll mechanism allowed for local privilege escalation
fixed in: 0.7.2 / 5.49.0
"\Device\DeviceApi\CMApi" is now filtered by the driver; previously this allowed elevated processes to change the hardware configuration
fixed in: 0.7.0 / 5.48.0
"\RPC Control\samss lpc" is now filtered by the driver; previously this allowed elevated processes to change passwords, delete users and the like
fixed in: 0.7.0 / 5.48.0
A race condition in the driver allowed obtaining a handle with elevated rights to an unsandboxed process
fixed in: 0.7.0 / 5.48.0
Elevated sandboxed processes could access volumes/disks for reading
fixed in: 0.7.0 / 5.48.0
The registry isolation could be bypassed; the issue had been present since the Windows 10 Creators Update
fixed in: 0.5.4d / 5.46.3
A sandboxed process could start sandboxed as system, even with DropAdminRights in place
fixed in: 0.5.4b / 5.46.1
CVE-2019-13502: "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver; previously this allowed some system options to be changed
fixed in: 0.5.4 / 5.46.0
A bug in the dynamic IPC port handling allowed bypassing IPC isolation
fixed in: 0.5.4 / 5.46.0
Processes could spawn processes outside the sandbox
fixed in: 0.5.4 / 5.46.0
Added print spooler filter to prevent printers from being set up outside the sandbox
fixed in: 0.5.4 / 5.46.0
Sandboxie now strips particularly problematic privileges from sandboxed system tokens. With those, a process could attempt to bypass the sandbox isolation
fixed in: 0.5.4 / 5.46.0
Fixed missing SCM access check for sandboxed services
fixed in: 0.3 / 5.42
Fixed permission issues with sandboxed system processes
fixed in: 0.3 / 5.42
Sandboxed processes could obtain a write handle on non-sandboxed processes
fixed in: 0.2 / 5.41.0