CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-25551

MEDIUM
6.2
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile14.71th
Published2026年3月21日
Last Modified2026年3月23日

Vulnerability Description

Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.

Affected Platforms (CPE)

📦
Sandboxie Plus

Sandboxie

= 5.30

References & Advisories

🔗 https://www.exploit-db.com/exploits/46860
🔗 https://www.sandboxie.com
🔗 https://www.vulncheck.com/advisories/sandboxie-denial-of-service-via-program-alerts-buffer-overflow

相关漏洞威胁

CVE-2018-1874810.0

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), with...

CVE-2017-124807.8

Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll f...

CVE-2021-478837.8

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute...

CVE-2021-478317.5

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the cont...