Sign-up

ID

VAR-201708-0949


CVE

CVE-2017-12480


TITLE

Sandboxie Unreliable search path vulnerability in installer

Trust: 0.8

sources: JVNDB: JVNDB-2017-006847

DESCRIPTION

Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. Sandboxie The installer contains an untrusted search path vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Sandboxie is a virtualization software from Sandboxie Holdings, USA. The software supports running other applications in an isolated space and prevents programs from making changes to the system. Sandboxie installer is the installer for Sandboxie. Attackers can use the malicious dwmapi.dll or profapi.dll files in the AppDataLocalTemp directory to exploit this vulnerability to execute arbitrary code

Trust: 2.16

sources: NVD: CVE-2017-12480 // JVNDB: JVNDB-2017-006847 // CNVD: CNVD-2017-28410

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28410

AFFECTED PRODUCTS

vendor:sandboxiemodel:installerscope:eqversion:5071703

Trust: 2.2

vendor:sandboxie holdingsmodel:installerscope:eqversion:5071703

Trust: 0.8

sources: CNVD: CNVD-2017-28410 // JVNDB: JVNDB-2017-006847 // CNNVD: CNNVD-201708-184 // NVD: CVE-2017-12480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12480
value: HIGH

Trust: 1.0

NVD: CVE-2017-12480
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-28410
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-184
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-12480
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28410
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-12480
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28410 // JVNDB: JVNDB-2017-006847 // CNNVD: CNNVD-201708-184 // NVD: CVE-2017-12480

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.8

sources: JVNDB: JVNDB-2017-006847 // NVD: CVE-2017-12480

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-184

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-184

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006847

PATCH
title:Top Pageurl:https://www.sandboxie.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-006847

EXTERNAL IDS
db:NVDid:CVE-2017-12480
Trust: 3.0
db:JVNDBid:JVNDB-2017-006847
Trust: 0.8
db:CNVDid:CNVD-2017-28410
Trust: 0.6
db:CNNVDid:CNNVD-201708-184
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28410 // 
            
            
            
            JVNDB: JVNDB-2017-006847 // 
            
            
            
            CNNVD: CNNVD-201708-184 // 
            
            
            
            NVD: CVE-2017-12480

REFERENCES
url:https://medium.com/@bayinmin/cve-2017-12480-sandboxie-installer-dll-hijacking-or-unsafe-dll-loading-vulnerability-41ad0562f41
Trust: 1.4
url:https://medium.com/%40bayinmin/cve-2017-12480-sandboxie-installer-dll-hijacking-or-unsafe-dll-loading-vulnerability-41ad0562f41
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12480
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-12480
Trust: 0.8
url:https://medium.com/@bayinmin/cve
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28410 // 
            
            
            
            JVNDB: JVNDB-2017-006847 // 
            
            
            
            CNNVD: CNNVD-201708-184 // 
            
            
            
            NVD: CVE-2017-12480

SOURCES
db:CNVDid:CNVD-2017-28410
db:JVNDBid:JVNDB-2017-006847
db:CNNVDid:CNNVD-201708-184
db:NVDid:CVE-2017-12480

LAST UPDATE DATE
2025-04-20T23:34:19.244000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-28410date:2017-09-26T00:00:00
db:JVNDBid:JVNDB-2017-006847date:2017-09-05T00:00:00
db:CNNVDid:CNNVD-201708-184date:2017-08-09T00:00:00
db:NVDid:CVE-2017-12480date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-28410date:2017-09-26T00:00:00
db:JVNDBid:JVNDB-2017-006847date:2017-09-05T00:00:00
db:CNNVDid:CNNVD-201708-184date:2017-08-09T00:00:00
db:NVDid:CVE-2017-12480date:2017-08-06T04:29:00.217