[News] 0 day discovered in Sandboxie

[Aura]

Hey guys Aura here,

I was just wondering if you were aware that there's a 0-day in every version of Sandboxie right now. As it been reported it already or not ? If not, I'll add more information to it. If it is, just close this thread please.

It's a 0-day that have been discovered by one of my friend on HF. He reported it to Sandboxie but didn't get a reply for it yet. He made 2-3 videos showing it and even Teamviewed into one of my Windows 7 Professional SP1 64-bits VM to show me it and it worked flawlessly.

What do you think ?

 

[Malware1]

Yes, I know about it. You mean bypassing Sandboxie?

Edit:
VIDEO:



The screen is black while the UAC alert is displayed.

 

[WinXPert]

You mean the changes bleeding out of Sandboxie?

 

[Malware1]

You mean the changes bleeding out of Sandboxie?

I saw a malware which displays windows outside the sandbox. It was uploaded in one of the packs.

 

[Aura]

I saw a malware which displays windows outside the sandbox. It was uploaded in one of the packs.

Yes this one.
You can bypass Sandboxie and open a command prompt console (or any other programs I guess) outside of the Sandboxie environment, with Admin Rights too. IcYSeptember reported it on HF, I can link the thread or quote it here if needed for more information as well as link the videos (Youtube) ?

 

[Malware1]

Yes this one.
You can bypass Sandboxie and open a command prompt console (or any other programs I guess) outside of the Sandboxie environment, with Admin Rights too. IcYSeptember reported it on HF, I can link the thread or quote it here if needed for more information as well as link the videos (Youtube) ?

Can you send me the thread link in a PM ?

 

[Aura]

Can you send me the thread link in a PM ?

Of course. Sending it right away.

 

[Deleted member 178]

Sbie with default setting let the process run but contain the changes to the system.

@Aura : what you mean by "a zero day in every version" , more details will be appreciated ^^

 

[WinXPert]

Can you PM me the link too @Aura ?

 

[Aura]

Sbie with default setting let the process run but contain the changes to the system.

@Aura : what you mean by "a zero day in every version" , more details will be appreciated ^^

Apparently, this vulnerability is present in the latest version of Sandboxie (that IcY used) and applies in all the ones prior to it.
He managed to create files directly on my desktop, not the desktop inside Sandboxie.

Can you PM me the link too @Aura ?

Yeah sure give me a few seconds.

 

[Malware1]

I will start searching the sample right now. I'm sure I still have it.

 

[cruelsister]

M!- if you find the sample discussed please let me know in which pack to find it.

 

[Malware1]

M!- if you find the sample discussed please let me know in which pack to find it.

I'm talking about different sample, it bypasses Sandboxie too.

 

[Aura]

I'm talking about different sample, it bypasses Sandboxie too.

IcY didn't even use a sample. He found the 0day himself while trying multiple commands in CMD to see what would happen.

 

[Malware1]

The sample is one month older than the thread at HF. I've just found it.

 

[Aura]

The sample is one month older than the thread at HF. I've just found it.

Is it an .exe or .bat script ?
What does it do exactly ?

 

[Malware1]

Is it an .exe or .bat script ?
What does it do exactly ?

EXE file. It displays windows saying "Sorry our server is down. Please try again later" outside the sandbox. It shows the UAC prompt.

 

[Malware1]

Maybe I should make a video too?

EDIT: posted

 

[Aura]

Maybe I should make a video too?

Yeah sire, go ahead and post it here, it'll help.
I'll add IcY's videos too.

 

[Malware1]

Yeah sire, go ahead and post it here, it'll help.
I'll add IcY's videos too.

Ok, I'll have to find a good screen recorder that records UAC alerts (some display black screen, the video would look fake then).