Description
Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked.
Published: 2026-03-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow that occurs when a user enters an excessively long string into the 'E-Mail and Registrations Code' field. A crafted payload of 5000 bytes crashes the application when the Register button is pressed, resulting in a denial of service. The weakness is classified as an out-of-bounds write (CWE-787).

Affected Systems

Only the 8.2.0.0 edition of Excel Password Recovery Professional, distributed by Recoverlostpassword (PassFab), is listed as affected by this vulnerability. No other product versions, vendors, or operating systems are explicitly mentioned in the advisory.

Risk and Exploitability

The CVSS 4.0 score of 6.8 indicates medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not present in CISA’s KEV catalog. Because exploitation requires the malicious input to be entered into the application’s registration field, the result is a local denial of service that affects only the application’s availability; it does not affect confidentiality or integrity and does not lead to privilege escalation.

Generated by OpenCVE AI on March 31, 2026 at 16:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Excel Password Recovery Professional to the latest version that includes the buffer overflow fix
  • If an upgrade is not immediately possible, avoid using the registration feature and its 'E-Mail and Registrations Code' field until a patch is applied
  • Monitor system stability and roll back or stop the application if accidental crashes occur

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 15:30:00 +0000

Values added (no values removed):
  • First Time appeared: Passfab; Passfab excel Password Recovery
  • CPEs: cpe:2.3:a:passfab:excel_password_recovery:8.2.0.0:*:*:*:*:*:*:*
  • Vendors & Products: Passfab; Passfab excel Password Recovery

Fri, 27 Mar 2026 08:45:00 +0000

Values added (no values removed):
  • First Time appeared: Recoverlostpassword; Recoverlostpassword excel Password Recovery Professional
  • Vendors & Products: Recoverlostpassword; Recoverlostpassword excel Password Recovery Professional

Thu, 26 Mar 2026 19:15:00 +0000

Values added (no values removed):
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 13:45:00 +0000

Values added (no values removed):
  • Description: Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked.
  • Title: Excel Password Recovery Professional 8.2.0.0 Local Buffer Overflow DoS
  • Weaknesses: CWE-787
  • References
  • Metrics (cvssV3_1): {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
  • Metrics (cvssV4_0): {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:25:01.750Z

Reserved: 2026-03-26T13:16:50.673Z

Link: CVE-2018-25215

Vulnrichment

Updated: 2026-03-26T18:13:02.496Z

NVD

Status: Analyzed

Published: 2026-03-26T14:16:05.323

Modified: 2026-03-31T15:17:16.393

Link: CVE-2018-25215

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:09:08Z

Weaknesses