QwikSec

Security Database

CVE

CWE

Training

CVE-2008-20001

Published: Aug 30, 2025

Modified: May 15, 2026

PUBLISHED

Description

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.

Vendor	Product	Versions
activePDF	WebGrabber	affected `0 - <= 3.8.2.0`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb

exploit

https://www.exploit-db.com/exploits/16635

exploit

https://web.archive.org/web/20081219180353/http://www.activepdf.com/products/serverproducts/webgrabber/

product

https://support.activepdf.com/support/solutions/35000139131

product

https://documentation.activepdf.com/WebGrabber_GS/b_installation/New_Installation.html

product

https://www.vulncheck.com/advisories/activepdf-webgrabber-activex-control-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.