Description
PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.
Published: 2026-03-26
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution via SEH buffer overflow
Action: Immediate Patch
AI Analysis

Impact

PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow that can be triggered by entering a crafted payload in the registration code field. The vulnerability allows a local attacker to execute arbitrary code, gaining full control of the host machine. The weakness is identified as a memory corruption flaw (CWE-787).

Affected Systems

PassFab Excel Password Recovery version 8.3.1 is affected. No other versions are mentioned in the advisory.

Risk and Exploitability

The CVSS score of 8.6 flags the issue as high severity, while an EPSS score below 1% suggests a low probability of current exploitation. It is not listed in the CISA KEV catalog. Attackers would need local access to supply the malicious input during the registration process, making the vector a local exploitation scenario that grants code execution.

Generated by OpenCVE AI on March 31, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the newest release of PassFab Excel Password Recovery that addresses the SEH buffer overflow, if available.
  • Restrict installation and use of the application to trusted users, and monitor for unauthorized execution attempts.
  • If an update is not available, consider disabling the registration feature or removing the application from the system until a patch is released.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:2.3:a:passfab:excel_password_recovery:*:*:*:*:*:*:*:* |

Fri, 27 Mar 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Passfab, Passfab excel Password Recovery |
| Vendors & Products | | Passfab, Passfab excel Password Recovery |

Thu, 26 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 26 Mar 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process. |
| Title | | PassFab Excel Password Recovery 8.3.1 SEH Buffer Overflow |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T14:29:18.899Z

Reserved: 2026-03-26T13:19:02.108Z

Link: CVE-2018-25219

Vulnrichment

Updated: 2026-03-26T14:29:13.811Z

NVD

Status: Analyzed

Published: 2026-03-26T14:16:06.090

Modified: 2026-03-31T15:07:22.140

Link: CVE-2018-25219

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:09:06Z

Weaknesses