PassFab RAR Password Recovery 9.3.2 contains a structured exception handler buffer overflow that allows a local attacker to execute arbitrary code. By injecting a specially crafted payload into the 'Licensed E‑mail and Registration Code' field when registering, the attacker can overflow the SEH pointer, redirect execution to malicious shellcode, and gain programmatic control over the process. This vulnerability gives the attacker the same privileges as the user running the software, potentially allowing full system compromise. The weakness is a classic out‑of‑bounds write (CWE‑787).

Affected is the Passfab RAR Password Recovery application, specifically version 9.3.2. The CPE data confirms that the vulnerability exists only in this exact version. No other version ranges are listed, so earlier or later renditions may not be impacted, but the official CNA product name is Passfab:RAR Password Recovery and the CPE indicates9.3.2 as the vulnerable release.

The CVSS base score is 8.6, classifying it as high severity. The EPSS score is below 1 %, indicating a low probability of exploitation in the wild, and it has not been catalogued in CISA’s KEV list. The attack vector is local; an attacker must be able to run the program and provide input in the registration field. Because the flaw permits arbitrary code execution, the risk includes full control over the local machine. Administrators should treat it as a critical vulnerability when considering users who run the software with elevated privileges.