{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25218", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T13:17:49.382Z", "datePublished": "2026-03-26T13:24:18.014Z", "dateUpdated": "2026-03-28T02:19:51.015Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:18.014Z"}, "datePublic": "2018-12-16T00:00:00.000Z", "title": "PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "descriptions": [{"lang": "en", "value": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Passfab", "product": "RAR Password Recovery", "versions": [{"version": "9.3.2", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:krylack:rar_password_recovery:9.3.2:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46008", "name": "ExploitDB-46008", "tags": ["exploit"]}, {"url": "https://www.passfab.com/products/rar-password-recovery.html", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.passfab.com/downloads/passfab-rar-password-recovery.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/passfab-rar-password-recovery-seh-buffer-overflow"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-28T02:19:42.332136Z", "id": "CVE-2018-25218", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T02:19:51.015Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Passfab", "product": "RAR Password Recovery", "versions": [{"status": "affected", "version": "9.3.2"}]}], "datePublic": "2018-12-16T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46008", "name": "ExploitDB-46008", "tags": ["exploit"]}, {"url": "https://www.passfab.com/products/rar-password-recovery.html", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.passfab.com/downloads/passfab-rar-password-recovery.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/passfab-rar-password-recovery-seh-buffer-overflow", "name": "VulnCheck Advisory: PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:krylack:rar_password_recovery:9.3.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:18.014Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25218", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-28T02:19:42.332136Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-28T02:19:47.118Z"}}]}, "cveMetadata": {"cveId": "CVE-2018-25218", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:24:18.014Z", "dateReserved": "2026-03-26T13:17:49.382Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T13:24:18.014Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution."}], "id": "CVE-2018-25218", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-26T14:16:05.900", "references": [{"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/46008"}, {"source": "[email protected]", "url": "https://www.passfab.com/downloads/passfab-rar-password-recovery.exe"}, {"source": "[email protected]", "url": "https://www.passfab.com/products/rar-password-recovery.html"}, {"source": "[email protected]", "url": "https://www.vulncheck.com/advisories/passfab-rar-password-recovery-seh-buffer-overflow"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.3.2"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "rar_password_recovery", "vendor": "krylack"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.3.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RAR Password Recovery", "source": "cna", "vendor": "Passfab"}, "product": "rar_password_recovery", "vendor": "passfab"}], "analysis": {"en": {"generated_at": "2026-03-26T15:05:20.895104+00:00", "value": {"mitigation_remediation": ["Update PassFab RAR Password Recovery to the latest version released by the vendor.", "If a newer version is unavailable, stop using the registration feature or remove the application from the system.", "Verify that the application no longer prompts for a registration code before use.", "Keep the operating system and anti\u2011virus software up to date to mitigate any secondary attacks."], "summary": {"action": "Patch Now", "impact": "Local Code Execution"}, "threat_synthesis": {"affected_systems": "The only affected product listed is PassFab RAR Password Recovery 9.3.2. No other versions or variants are indicated as vulnerable. Users running this specific version should be aware that the remediation addresses this build exclusively.", "description_and_impact": "PassFab RAR Password Recovery version 9.3.2 contains a structured exception handler buffer overflow that allows a local attacker to execute arbitrary code. By entering a crafted payload in the \u2018Licensed E\u2011mail and Registration Code\u2019 field during the registration process, the overflow overwrites the SEH chain and redirects execution to attacker\u2011supplied shellcode. The vulnerability is characterized as a memory corruption flaw (CWE\u2011787) and can lead to full compromise of the compromised machine.", "risk_and_exploitability": "The CVSS score of 8.6 classifies the issue as high severity. EPSS is not available, and the vulnerability is not yet in the KEV catalog, suggesting limited public exploitation at the time of disclosure. The vulnerability is exploitable from within the local machine; an attacker must launch the program and supply the malicious payload. Because the attack vector relies on local user execution and a specific form input, the exploit is considered to have a moderate likelihood, yet the potential impact is complete system compromise if the attacker has sufficient privileges to run the application."}}}}, "created": "2026-03-27T08:34:24.006981+00:00", "updated": "2026-03-27T09:26:52.950385+00:00", "vendors": ["krylack", "krylack$PRODUCT$rar_password_recovery", "passfab", "passfab$PRODUCT$rar_password_recovery"]}