CVE-2008-20001

HIGH

activePDF WebGrabber 3.8.2.0 - Buffer Overflow

Title source: llm

Description

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16635

View Code ZIP pw:eip

metasploit WORKING POC LOW

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb

View Code ZIP pw:eip

References (6)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/16635

[Various Sources] https://web.archive.org/web/20081219180353/http://www.activepdf.com/products/serverproducts/webgrabber/

[Various Sources] https://support.activepdf.com/support/solutions/35000139131

[Various Sources] https://documentation.activepdf.com/WebGrabber_GS/b_installation/New_Installation.html

[Third Party Advisory] https://www.vulncheck.com/advisories/activepdf-webgrabber-activex-control-buffer-overflow

Scores

CVSS v4 7.5

EPSS 0.5470

EPSS Percentile 98.0%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

activePDF/WebGrabber < 3.8.2.0

Published Aug 30, 2025

Tracked Since Feb 18, 2026