Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges…

CVE-2021-47883 affects Sandboxie Plus 0.7.2, containing an unquoted service path vulnerability in the SbieSvc service. Local attackers can exploit this flaw to execute malicious code with elevated privileges. The vulnerability allows injection of malicious executables into the unquoted binary path. These malicious files will be launched with LocalSystem permissions during service startup. This represents a privilege escalation vulnerability that could lead to complete system compromise by local attackers.