CVE-2018-25218
Published: 26 March 2026
Summary
CVE-2018-25218 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in PassFab RAR Password Recovery. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 11.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
PassFab RAR Password Recovery version 9.3.2 is affected by CVE-2018-25218, a structured exception handler (SEH) buffer overflow vulnerability classified under CWE-787. This flaw enables local attackers to execute arbitrary code by supplying a malicious payload that overflows a buffer in the application's registration process. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a low-complexity local attack requiring no privileges or user interaction.
A local attacker can exploit this vulnerability by crafting a payload incorporating a buffer overflow, next SEH (NSEH) jump, and shellcode, then pasting it into the 'Licensed E-mail and Registration Code' field during the software's registration procedure. Successful exploitation triggers the SEH overflow, allowing arbitrary code execution with the privileges of the running process, potentially leading to full system compromise on the affected Windows system.
Advisories and references, including a detailed exploit on Exploit-DB (exploit 46008) and a VulnCheck advisory, document the issue and its proof-of-concept exploitation. Vendor pages for PassFab RAR Password Recovery provide download and product information, but the available references outline no specific patches or mitigations. Security practitioners should advise against using version 9.3.2 and recommend isolating or replacing the software.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21694
Vulnerability details
PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
SEH buffer overflow in desktop client app directly enables local arbitrary code execution via crafted input to registration fields (CWE-787).
Mitigating Controls (NIST 800-53 r5) AI
Requires timely remediation of the known SEH buffer overflow vulnerability in PassFab RAR Password Recovery 9.3.2 through patching, updating, or removal to eliminate the exploitable flaw.
Implements memory protection mechanisms such as DEP, ASLR, and stack canaries to block arbitrary code execution from crafted SEH buffer overflow payloads.
Mandates validation of user inputs in the 'Licensed E-mail and Registration Code' field to reject oversized or malformed payloads that trigger the buffer overflow.