Vulnerability Details CVE-2018-25219
PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.2%
CVSS Severity
CVSS v3 Score 8.4
References
Products affected by CVE-2018-25219
-
cpe:2.3:a:passfab:excel_password_recovery:*