CVE-2018-25219

PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/46301
https://www.passfab.com/downloads/passfab-excel-password-recovery.exe
https://www.passfab.com/products/excel-password-recovery.html
https://www.vulncheck.com/advisories/passfab-excel-password-recovery-seh-buffer-overflow

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-26 14:16

Updated : 2026-03-26 15:13

NVD link : CVE-2018-25219

Mitre link : CVE-2018-25219

CVE.ORG link : CVE-2018-25219

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-25219", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-26T14:16:06.090", "references": [{"url": "https://www.exploit-db.com/exploits/46301", "source": "disclosure@vulncheck.com"}, {"url": "https://www.passfab.com/downloads/passfab-excel-password-recovery.exe", "source": "disclosure@vulncheck.com"}, {"url": "https://www.passfab.com/products/excel-password-recovery.html", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/passfab-excel-password-recovery-seh-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process."}, {"lang": "es", "value": "PassFab Excel Password Recovery 8.3.1 contiene una vulnerabilidad de desbordamiento de b\u00fafer de manejo de excepciones estructurado que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar una carga \u00fatil maliciosa en el campo de c\u00f3digo de registro. Los atacantes pueden crear una carga \u00fatil de desbordamiento de b\u00fafer con un gadget pop-pop-ret y shellcode que desencadena la ejecuci\u00f3n de c\u00f3digo cuando se pega en el campo de correo electr\u00f3nico con licencia y c\u00f3digo de registro durante el proceso de registro."}], "lastModified": "2026-03-26T15:13:15.790", "sourceIdentifier": "disclosure@vulncheck.com"}