CVE-2008-5492

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-5492. PoCs published by Metasploit, r0ut3r, MC, including Metasploit module exploits/windows/browser/verypdf_pdfview.

AI-analyzed exploit summary This exploit targets a heap buffer overflow in the VeryPDF PDFView ActiveX control (CVE-2008-5492) by crafting a malicious HTML page that triggers arbitrary code execution via the OpenPDF method. It uses JavaScript to manipulate memory and deliver a payload.

Description

Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16520

View Code ZIP pw:eip

This exploit targets a heap buffer overflow in the VeryPDF PDFView ActiveX control (CVE-2008-5492) by crafting a malicious HTML page that triggers arbitrary code execution via the OpenPDF method. It uses JavaScript to manipulate memory and deliver a payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VeryPDF PDFView ActiveX control

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · VeryPDF PDFView ActiveX control must be installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by r0ut3r · htmldoswindows

https://www.exploit-db.com/exploits/7126

View Code ZIP pw:eip

This exploit targets a heap overflow vulnerability in VeryPDF PDFView OCX ActiveX control (CVE-2008-5492). It triggers the vulnerability by passing a long string of 'A' characters to the OpenPDF method, leading to a crash and potential arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VeryPDF PDFView OCX ActiveX 2.0.0.1

No auth needed

Prerequisites: Victim must open the malicious HTML file in a browser with the vulnerable ActiveX control installed

MITRE ATT&CK

T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by r0ut3r · textdoswindows

https://www.exploit-db.com/exploits/32587

View Code ZIP pw:eip

This exploit targets a heap buffer overflow in the VeryPDF PDFView ActiveX control by supplying an overly long string to the OpenPDF method, potentially leading to arbitrary code execution or denial-of-service.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VeryPDF PDFView ActiveX control

No auth needed

Prerequisites: Victim must have the vulnerable ActiveX control installed and enabled in a browser that supports VBScript

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/verypdf_pdfview.rb

View Code ZIP pw:eip

This Metasploit module exploits a heap buffer overflow in the VeryPDF PDFView ActiveX control (CVE-2008-5492) by delivering a malicious HTML page that triggers the vulnerability via the OpenPDF method, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VeryPDF PDFView ActiveX control (clsid:433268D7-2CD4-43E6-AA24-2188672E7252)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · VeryPDF PDFView ActiveX control must be installed and enabled in the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →