PT-2026-37227 · Unknown · Sandboxie Plus
Yanchon918S · Published 2026-05-05 · Updated 2026-05-05
CVE-2026-34461
CVSS v4.0: 7.3 (High)
Vector: AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Sandboxie-Plus versions prior to 1.17.3
Description
The SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is processed before the standard sandbox and impersonation checks. For callers that are not in a sandbox, the handler uses memcpy() to copy the trailing message payload into a fixed-size ctrlCmd[128] stack buffer without verifying that the payload length fits. Because the service pipe is created with a NULL DACL (Discretionary Access Control List), which grants access to every user, any local interactive process can connect and send an oversized payload that overflows the stack. This may result in a crash of the SbieSvc service or potential code execution with SYSTEM privileges.
Recommendations
Update to version 1.17.3.
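The length validation that the description says was missing, as an added C example (not Sandboxie-Plus code and not the project's actual patch). The header layout, handle_run_ctrl, demo and the error codes are hypothetical; only the 128-byte ctrlCmd buffer comes from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTRL_CMD_MAX 128   /* size of the ctrlCmd stack buffer in the advisory */
enum { ERR_MALFORMED = -1, ERR_TOO_LONG = -2 };

/* Hypothetical wire header (assumption); the payload follows it directly. */
typedef struct { uint32_t length; uint32_t msgid; } msg_hdr;
/* Unsafe pattern the advisory describes (not compiled):
 *   char ctrlCmd[128];
 *   memcpy(ctrlCmd, payload, payload_len);   // payload_len never checked
 */

/* Hardened handler: returns the payload length or a negative error code. */
int handle_run_ctrl(const uint8_t *msg, size_t received)
{
    char ctrlCmd[CTRL_CMD_MAX];
    msg_hdr hdr;
    if (msg == NULL || received < sizeof(hdr))
        return ERR_MALFORMED;
    memcpy(&hdr, msg, sizeof(hdr));
    /* The claimed length must cover the header and not exceed bytes received. */
    if (hdr.length < sizeof(hdr) || hdr.length > received)
        return ERR_MALFORMED;
    size_t payload_len = hdr.length - sizeof(hdr);
    /* Reject rather than truncate; one byte is reserved for the terminator. */
    if (payload_len >= sizeof(ctrlCmd))
        return ERR_TOO_LONG;
    memcpy(ctrlCmd, msg + sizeof(hdr), payload_len);
    ctrlCmd[payload_len] = '\0';
    return (int)payload_len;
}

/* Constructed sample: payload_len filler bytes, sender-controlled claimed length. */
int demo(size_t payload_len, uint32_t claimed)
{
    static uint8_t buf[sizeof(msg_hdr) + 4096];
    msg_hdr hdr = { claimed, 0 /* placeholder msgid */ };
    if (payload_len > 4096) return ERR_MALFORMED;
    memcpy(buf, &hdr, sizeof(hdr));
    memset(buf + sizeof(hdr), 'A', payload_len);
    return handle_run_ctrl(buf, sizeof(hdr) + payload_len);
}

int main(void)
{
    printf("%d %d %d\n", demo(16, 24), demo(127, 135), demo(128, 136));
    return 0;
}
```

The check compares the sender-supplied length against both the bytes actually received and the destination size, so a length field that lies in either direction is rejected before any copy.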
Fix
Stack Overflow
Affected Products
Sandboxie Plus