PT-2026-37231 · Unknown · Sandboxie Plus
David Xanat · Published 2026-05-05 · Updated 2026-05-05 · CVE-2026-34596
CVSS v4.0: 5.4 (Medium)
| Vector | AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Sandboxie-Plus versions prior to 1.17.3
Description
A Time-of-Check-to-Time-of-Use (TOCTOU) race condition occurs during addon installation. When installing an addon via the SandMan interface, the SbieSvc service spawns UpdUtil.exe with SYSTEM privileges, which stages files in the user-writable %TEMP%\sandboxie-updater directory. After UpdUtil.exe verifies file hashes against the signed addon manifest, install.bat extracts files.cab and executes config.exe. An unprivileged user can replace files.cab with a crafted cabinet containing a malicious executable between the hash verification and extraction steps, leading to the execution of the malicious file as SYSTEM without requiring a UAC prompt. A TOCTOU race condition is a software bug where the state of a resource changes between the time it is checked and the time it is used.
Recommendations
Update to version 1.17.3.
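The check-then-use gap from the description, reduced to a portable sketch next to one general way of closing it. This is an added example, not Sandboxie-Plus code and not the 1.17.3 fix; the function names, the `between` hook that stands in for a concurrent change to the staging directory, and the sample bytes are all constructed for illustration.

```python
import hashlib, os, tempfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def use_by_path(path, expected, between=lambda: None):
    """Flawed pattern: verify the path, then open the same path again to use it."""
    with open(path, "rb") as f:
        if sha256(f.read()) != expected:          # time of check
            raise ValueError("hash mismatch")
    between()                                     # file can change here
    with open(path, "rb") as f:                   # time of use: second open
        return f.read()

def use_pinned_copy(path, expected, between=lambda: None):
    """Hardened pattern: read once, verify those bytes, use a private copy."""
    with open(path, "rb") as f:
        data = f.read()                           # the only read of the staged file
    if sha256(data) != expected:
        raise ValueError("hash mismatch")
    private_dir = tempfile.mkdtemp(prefix="verified-")   # owner-only directory
    private = os.path.join(private_dir, os.path.basename(path))
    with open(private, "wb") as f:
        f.write(data)
    between()                                     # changes to `path` no longer matter
    with open(private, "rb") as f:
        return f.read()

def demo():
    staging = tempfile.mkdtemp()                  # stands in for the user-writable dir
    cab = os.path.join(staging, "files.cab")
    good, other = b"constructed: signed payload", b"constructed: other content"
    expected = sha256(good)                       # value from the signed manifest

    def change_staged_file():
        with open(cab, "wb") as f:
            f.write(other)

    with open(cab, "wb") as f:
        f.write(good)
    flawed = use_by_path(cab, expected, change_staged_file)
    with open(cab, "wb") as f:
        f.write(good)
    pinned = use_pinned_copy(cab, expected, change_staged_file)
    # True means the bytes consumed are the bytes that were verified.
    return flawed == good, pinned == good

if __name__ == "__main__":
    print(demo())
```

The hash check passes in both functions; only the second one guarantees that the verified bytes are the ones consumed afterwards.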
Fix
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Sandboxie Plus