5 matches found
CVE-2025-64721
CVE-2025-64721 affects Sandboxie versions 1.16.6 and earlier. The SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes, where a caller-controlled value_len is not overflow-checked. A large value_len (e.g., 0xFFFFFFF0) can wrap the allocation size, causing a heap...
CVE-2025-64721 Sandboxie's Integer Overflow in SbieIniServer::RC4Crypt allows sandbox escape and SYSTEM compromise
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len...
PT-2025-50734
Name of the Vulnerable Software and Affected Versions: Sandboxie versions 1.16.6 and below. Description: Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. The SYSTEM-level service SbieSvc.exe exposes the SbieIniServer::RC4Crypt function to...
Bifrost 1.2.1 - Remote Buffer OverFlow
No description provided by source. !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi x =...
Bifrost 1.2.1 Remote Buffer Overflow
!/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi x = 0 y = 0 out = for char in data: x ...