CVE-2008-20001

HIGH

activePDF WebGrabber 3.8.2.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-20001. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/fileformat/activepdf_webgrabber.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in activePDF WebGrabber 3.8 via the GetStatus() method of APWebGrb.ocx. It generates an HTML file with malicious JavaScript that triggers the vulnerability, leading to arbitrary code execution.

Description

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16635

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in activePDF WebGrabber 3.8 via the GetStatus() method of APWebGrb.ocx. It generates an HTML file with malicious JavaScript that triggers the vulnerability, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: activePDF WebGrabber 3.8 (APWebGrb.ocx 3.8.2.0)

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable browser with ActiveX enabled

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC LOW

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in activePDF WebGrabber 3.8 via an overly long string passed to the GetStatus() method of the APWebGrb.ocx ActiveX control. It generates an HTML file with embedded JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: activePDF WebGrabber 3.8 (APWebGrb.ocx 3.8.2.0)

No auth needed

Prerequisites: Target must have activePDF WebGrabber 3.8 installed · Target must open the malicious HTML file in a vulnerable browser (e.g., IE 6/7)

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/16635

Various Sources product

https://web.archive.org/web/20081219180353/http://www.activepdf.com/products/serverproducts/webgrabber/

Various Sources product

https://support.activepdf.com/support/solutions/35000139131

Various Sources product

https://documentation.activepdf.com/WebGrabber_GS/b_installation/New_Installation.html

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/activepdf-webgrabber-activex-control-buffer-overflow

Scores

CVSS v4 7.5

EPSS 0.0102

EPSS Percentile 58.9%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

activePDF/WebGrabber < 3.8.2.0

Published Aug 30, 2025

Tracked Since Feb 18, 2026