RAR Password Recovery Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in RAR Password Recovery version 1.80. It allows a local attacker to crash the application by pasting an oversized string into the registration dialog. A string longer than 6000 bytes pasted into the User Name and Registration Code fields triggers an application crash.

Impact

Exploitation of this vulnerability causes the application to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first create a text file named 'Evil.txt' containing a payload of 6000 bytes. After the file is created, open RAR Password Recovery 1.80 and navigate to the registration dialog. Paste the contents of 'Evil.txt' into the User Name and Registration Code fields, then click 'OK'. The application will crash, demonstrating the denial-of-service condition.
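The advisory does not state the root cause, so the following is an added illustration, not code from RAR Password Recovery: it shows the classic pattern that produces this kind of crash (dialog text copied into a fixed-size stack buffer with no length check) next to a hardened handler that measures the input first and rejects anything that does not fit. FIELD_CAP, the function names and the 6000-byte constructed input are assumptions chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed field capacity for this example; not a value from the product. */
#define FIELD_CAP 256

/* Vulnerable pattern (illustrative): the dialog string is copied into a
 * fixed stack buffer with no bound. A 6000-byte string such as the one in
 * the advisory overruns 'buf' and corrupts the stack, crashing the process.
 * Shown for contrast only; it is never called with oversized input here. */
static void store_field_unchecked(const char *input, char buf[FIELD_CAP])
{
    strcpy(buf, input);   /* overflow when strlen(input) >= FIELD_CAP */
}

/* Bounded length: scans at most 'cap' bytes so an unterminated or huge
 * input cannot make the measurement itself run off the end. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: measure, reject anything that does not fit (including the
 * terminator), and only then copy with an explicit length.
 * Returns 0 on success, -1 if the input was rejected. */
static int store_field_checked(const char *input, char *buf, size_t cap)
{
    size_t len = bounded_len(input, cap);
    if (len >= cap)
        return -1;        /* oversized: refuse instead of truncating silently */
    memcpy(buf, input, len);
    buf[len] = '\0';
    return 0;
}

/* Simulated OK handler for the two fields named in the advisory. */
static int on_registration_ok(const char *user_name, const char *reg_code)
{
    char name_buf[FIELD_CAP];
    char code_buf[FIELD_CAP];

    if (store_field_checked(user_name, name_buf, sizeof name_buf) != 0)
        return -1;
    if (store_field_checked(reg_code, code_buf, sizeof code_buf) != 0)
        return -1;
    return 0;
}

/* Constructed input: n bytes of 'A', standing in for the advisory's payload. */
static char *make_long_input(size_t n)
{
    char *s = malloc(n + 1);
    if (!s)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* Returns 1 if an n-byte string is rejected by the hardened handler,
 * 0 if it is accepted, -1 on allocation failure. */
static int check_oversized_rejected(size_t n)
{
    char *input = make_long_input(n);
    int rc;
    if (!input)
        return -1;
    rc = on_registration_ok(input, "ABCD-1234") != 0 ? 1 : 0;
    free(input);
    return rc;
}

int main(void)
{
    printf("normal input:    %s\n",
           on_registration_ok("alice", "ABCD-1234") == 0 ? "accepted" : "rejected");
    printf("6000-byte input: %s\n",
           check_oversized_rejected(6000) == 1 ? "rejected" : "accepted");
    return 0;
}
```

The point of the hardened version is that the length check happens before any copy and that oversized input is refused outright; a silent truncation would hide the problem and could still break registration logic further down the line.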

Added: Mar 11, 2026, 7:35 PM
Updated: Mar 11, 2026, 7:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.