Description
PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.
Published: 2026-03-26
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a structured exception handling (SEH) buffer overflow in the registration process of PassFab Excel Password Recovery. A local attacker can supply a malicious payload in the Licensed E-mail and Registration Code field; the payload combines a pop‑pop‑ret gadget with shellcode to execute arbitrary code. The flaw is a memory corruption issue (CWE‑787) that enables local code execution by the user running the application.

Affected Systems

The affected product is PassFab Excel Password Recovery, version 8.3.1. No other versions or products are listed in the advisory.

Risk and Exploitability

The CVSS base score is 8.6, indicating high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation in the wild. Attackers need local access and the ability to run the program to supply the payload; therefore the risk is primarily to privileged or local users rather than remote attackers.

Generated by OpenCVE AI on March 26, 2026 at 15:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PassFab Excel Password Recovery to a patched or newer release if one is available.
  • If no update exists, avoid installing or running the software until a vendor patch is released.
  • Enforce application whitelisting or other system hardening measures if the program is not essential.
  • Monitor the vendor’s website and security advisories for an official fix.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Passfab; Passfab excel Password Recovery
Vendors & Products | | Passfab; Passfab excel Password Recovery

Thu, 26 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.
Title | | PassFab Excel Password Recovery 8.3.1 SEH Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T14:29:18.899Z

Reserved: 2026-03-26T13:19:02.108Z

Link: CVE-2018-25219

Vulnrichment

Updated: 2026-03-26T14:29:13.811Z

NVD

Status: Awaiting Analysis

Published: 2026-03-26T14:16:06.090

Modified: 2026-03-26T15:13:15.790

Link: CVE-2018-25219

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:26:51Z

Weaknesses