Sandboxie · Sandboxie · CVE-2024-49360
**Name of the Vulnerable Software and Affected Versions**
Sandboxie (affected versions not specified)
**Description**
Sandboxie is sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (`UserA`) without privileges can read files created in a sandbox belonging to other users within the `C:\Sandbox\UserB\xxx` folders. An attacker using `explorer.exe` or `cmd.exe` outside of a sandbox can also read other users' files in `C:\Sandbox\xxx`. The issue involves Sandboxie failing to reset Access Control Lists (ACLs) when a user creates a folder (`C:\Sandbox\UserA`) with malicious ACLs, potentially allowing unauthorized access to files. All files edited or created during sandbox processing are affected.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
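
Until a fixed version is identified, the per-user sandbox folders can be audited for the condition the Description reports. The PowerShell script below is an added example, not part of the advisory or of Sandboxie. It assumes the sandbox root is `C:\Sandbox`, that each first-level folder is named after the account that uses it, and that the trusted-principal list reflects local policy.

```powershell
# Added example: flag per-user sandbox folders whose owner or ACL exposes them
# to another account. Assumptions: root is C:\Sandbox and each first-level
# folder is named after its user; the $trusted list is an assumed local policy.
param([string]$SandboxRoot = 'C:\Sandbox')

# Principals accepted as owner or reader of any user's sandbox folder (assumed).
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

# ReadData/ListDirectory (0x1) plus the generic bits Get-Acl can return on
# inherit-only ACEs: GENERIC_ALL (0x10000000) and GENERIC_READ (0x80000000).
$readBits = 0x1 -bor 0x10000000 -bor 0x80000000

function Test-IsExpected([string]$Identity, [string]$UserName) {
    if ($trusted -contains $Identity) { return $true }
    # Compare only the account part of DOMAIN\Account with the folder name.
    # Simplification: a local and a domain account with the same name both match.
    return (($Identity -split '\\')[-1] -eq $UserName)
}

$findings = foreach ($dir in Get-ChildItem -LiteralPath $SandboxRoot -Directory -Force) {
    $acl = Get-Acl -LiteralPath $dir.FullName

    # A folder created in advance by another account keeps that account as owner,
    # and the owner can always rewrite the ACL.
    if (-not (Test-IsExpected $acl.Owner $dir.Name)) {
        [pscustomobject]@{ Folder = $dir.FullName; Issue = 'UnexpectedOwner'
                           Principal = $acl.Owner; Rights = '' }
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readBits) -eq 0) { continue }

        $id = $ace.IdentityReference.Value
        if (-not (Test-IsExpected $id $dir.Name)) {
            # Another user, a broad group, or an unresolved SID can read this sandbox.
            [pscustomobject]@{ Folder = $dir.FullName; Issue = 'ReadableByOther'
                               Principal = $id; Rights = $ace.FileSystemRights }
        }
    }
}

$findings | Sort-Object Folder, Issue | Format-Table -AutoSize
```

Run it from an elevated prompt so that `Get-Acl` can read every folder; the script only reports findings and leaves the ACLs unchanged.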