{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25218", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T13:17:49.382Z", "datePublished": "2026-03-26T13:24:18.014Z", "dateUpdated": "2026-03-28T02:19:51.015Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:18.014Z"}, "datePublic": "2018-12-16T00:00:00.000Z", "title": "PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "descriptions": [{"lang": "en", "value": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Passfab", "product": "RAR Password Recovery", "versions": [{"version": "9.3.2", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:krylack:rar_password_recovery:9.3.2:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46008", "name": "ExploitDB-46008", "tags": ["exploit"]}, {"url": "https://www.passfab.com/products/rar-password-recovery.html", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.passfab.com/downloads/passfab-rar-password-recovery.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/passfab-rar-password-recovery-seh-buffer-overflow"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-28T02:19:42.332136Z", "id": "CVE-2018-25218", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T02:19:51.015Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25218", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-28T02:19:42.332136Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T02:19:47.118Z"}}], "cna": {"title": "PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Passfab", "product": "RAR Password Recovery", "versions": [{"status": "affected", "version": "9.3.2"}]}], "datePublic": "2018-12-16T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46008", "name": "ExploitDB-46008", "tags": ["exploit"]}, {"url": "https://www.passfab.com/products/rar-password-recovery.html", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.passfab.com/downloads/passfab-rar-password-recovery.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/passfab-rar-password-recovery-seh-buffer-overflow", "name": "VulnCheck Advisory: PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:krylack:rar_password_recovery:9.3.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:18.014Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25218", "state": "PUBLISHED", "dateUpdated": "2026-03-28T02:19:51.015Z", "dateReserved": "2026-03-26T13:17:49.382Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T13:24:18.014Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:passfab:rar_password_recovery:*:*:*:*:*:*:*:*", "matchCriteriaId": "8213D8A6-BFD0-452D-965A-483D462B5F31", "versionEndIncluding": "9.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution."}, {"lang": "es", "value": "PassFab RAR Password Recovery 9.3.2 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el gestor de excepciones estructuradas (SEH) que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar una carga \u00fatil maliciosa. Los atacantes pueden dise\u00f1ar una carga \u00fatil con un desbordamiento de b\u00fafer, un salto NSEH y shellcode, y luego pegarla en el campo 'Licensed E-mail and Registration Code' durante el registro para desencadenar la ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2018-25218", "lastModified": "2026-03-31T15:08:51.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-26T14:16:05.900", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46008"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.passfab.com/downloads/passfab-rar-password-recovery.exe"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.passfab.com/products/rar-password-recovery.html"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/passfab-rar-password-recovery-seh-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.3.2"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "rar_password_recovery", "vendor": "krylack"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.3.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RAR Password Recovery", "source": "cna", "vendor": "Passfab"}, "product": "rar_password_recovery", "vendor": "passfab"}], "analysis": {"en": {"generated_at": "2026-03-31T16:27:52.525593+00:00", "value": {"mitigation_remediation": ["Check PassFab\u2019s website for a security patch and install the latest release immediately.", "If no patch is available, avoid using the vulnerable product or disable the registration input to mitigate exploitation.", "Run the application only under a non\u2011administrative user account and monitor for anomalous activity."], "summary": {"action": "Immediate Patch", "impact": "Local Code Execution"}, "threat_synthesis": {"affected_systems": "Affected is the Passfab RAR Password Recovery application, specifically version\u202f9.3.2. The CPE data confirms that the vulnerability exists only in this exact version. No other version ranges are listed, so earlier or later renditions may not be impacted, but the official CNA product name is Passfab:RAR Password Recovery and the CPE indicates9.3.2 as the vulnerable release.", "description_and_impact": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler buffer overflow that allows a local attacker to execute arbitrary code. By injecting a specially crafted payload into the 'Licensed E\u2011mail and Registration Code' field when registering, the attacker can overflow the SEH pointer, redirect execution to malicious shellcode, and gain programmatic control over the process. This vulnerability gives the attacker the same privileges as the user running the software, potentially allowing full system compromise. The weakness is a classic out\u2011of\u2011bounds write (CWE\u2011787).", "risk_and_exploitability": "The CVSS base score is 8.6, classifying it as high severity. The EPSS score is below 1\u202f%, indicating a low probability of exploitation in the wild, and it has not been catalogued in CISA\u2019s KEV list. The attack vector is local; an attacker must be able to run the program and provide input in the registration field. Because the flaw permits arbitrary code execution, the risk includes full control over the local machine. Administrators should treat it as a critical vulnerability when considering users who run the software with elevated privileges."}}}}, "created": "2026-03-27T08:34:24.006981+00:00", "updated": "2026-03-31T20:09:07.661213+00:00", "vendors": ["krylack", "krylack$PRODUCT$rar_password_recovery", "passfab", "passfab$PRODUCT$rar_password_recovery"]}