Vulnerabilities > CVE-2018-18748 - Unspecified vulnerability in Sandboxie 5.26

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sandboxie

critical

NVD

Published: 2018-10-29

Updated: 2024-11-21

Summary

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality

Vulnerable Configurations

Part	Description	Count
Application	Sandboxie Sandboxie Sandboxie 5.26	1

References

https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/
https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc
https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc