Sandboxie
cpe:2.3:a:sandboxie:sandboxie:*:*:*:*:*:*:*
- <= 1.17.2
A local denial-of-service vulnerability has been identified in the Sandboxie kernel driver, affecting versions through 1.17.2. The issue arises when an unprivileged process running inside a Standard Sandbox sends a malformed IOCTL to the SandboxieDriverApi driver. This action triggers an immediate kernel crash, causing a Blue Screen of Death (BSOD) on the host system. The vulnerability impacts the Standard Sandbox configuration, regardless of administrator privilege settings, but does not affect the Security Hardened Sandbox configuration.
Exploitation of this vulnerability leads to a complete system crash, causing the host operating system to become unresponsive and requiring a manual reboot. This disruption can result in data loss.
To reproduce this vulnerability, launch a process inside a Standard Sandbox using Sandboxie-Plus version 1.17.2. From that sandboxed process, compile and run a C++ program that opens a handle to the SandboxieDriverApi device and sends the malformed IOCTL to the Sandboxie kernel driver; the driver crashes immediately, producing the kernel crash described above.
Users are advised to update to Sandboxie-Plus version 1.17.3, which addresses this vulnerability. For those unable to update, switching to the Security Hardened Sandbox configuration can serve as a temporary workaround.
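A practitioner triaging this advisory mostly needs to know whether a given host still runs an affected driver. The following check is an added example and is not code from the advisory or from the Sandboxie project; it compares version strings numerically against the affected range stated above (<= 1.17.2, fixed in 1.17.3) and, on Windows with pywin32 installed, reads the version from the driver's VERSIONINFO resource. The default install path `C:\Program Files\Sandboxie-Plus\SbieDrv.sys` is an assumption and may differ on a given host.

```python
import re
from typing import Optional, Tuple

# Affected range taken from the advisory text: Sandboxie <= 1.17.2, fixed in 1.17.3.
LAST_AFFECTED = "1.17.2"
FIXED_IN = "1.17.3"


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert '1.17.2' or '1.17.2.0' into a tuple of ints.

    Numeric comparison matters here: as plain strings "1.17.10" sorts
    before "1.17.2", which would misclassify a patched host as affected.
    Trailing zero components are dropped so 1.17.2.0 equals 1.17.2.
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    while len(nums) > 1 and nums[-1] == 0:
        nums = nums[:-1]
    return nums


def is_affected(version: str) -> bool:
    """True when the installed version falls inside the advisory's affected range."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def windows_driver_version(
    path: str = r"C:\Program Files\Sandboxie-Plus\SbieDrv.sys",  # assumed default path
) -> Optional[str]:
    """Read the file version of the Sandboxie driver via pywin32.

    Returns None when not on Windows, when pywin32 is absent, or when the
    file cannot be read, so callers can fall back to inventory data.
    """
    try:
        import win32api  # pywin32; optional dependency
    except ImportError:
        return None
    try:
        info = win32api.GetFileVersionInfo(path, "\\")
    except Exception:
        return None
    ms, ls = info["FileVersionMS"], info["FileVersionLS"]
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def triage(inventory: dict) -> dict:
    """Map host name -> reported version to host name -> 'affected'/'patched'."""
    return {
        host: ("affected" if is_affected(ver) else "patched")
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory, e.g. as exported from an asset database.
    sample = {"ws-01": "1.17.2", "ws-02": "1.17.3", "ws-03": "1.16.4", "ws-04": "1.17.10"}
    for host, state in triage(sample).items():
        print(f"{host}: {state}")
    local = windows_driver_version()
    if local is not None:
        print(f"local driver {local}: {'affected' if is_affected(local) else 'patched'}")
```

Hosts reported as affected should be moved to 1.17.3 or later; until then, the advisory's workaround of using the Security Hardened Sandbox configuration applies.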