PassFab RAR Password Recovery Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in PassFab RAR Password Recovery version 9.3.2. It is a structured exception handler (SEH) overwrite, which a local attacker can exploit to execute arbitrary code. The issue is triggered by a crafted payload consisting of overflow padding, a next-SEH (nSEH) jump, and shellcode. Pasting this payload into the 'Licensed E-mail and Registration Code' field during the registration process triggers the overflow and executes the injected code.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, first create a payload that includes the overflow padding, an nSEH jump, and shellcode; this can be done with a Python script that writes the payload to a file. Then open PassFab RAR Password Recovery and navigate to the registration window. Paste the payload from the file into the 'Licensed E-mail and Registration Code' field and click 'Register'. This executes the injected code, which in this case opens the Windows calculator application.

Added: Mar 26, 2026, 2:35 PM
Updated: Mar 26, 2026, 2:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.0
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.