CVE-2008-20001
activePDF WebGrabber ActiveX Control Buffer Overflow
Vexday Risk Score
36 Attention
SSVC Decision (CISA)
Attend
PoC available → monitor closely
CVSS 7.5 | EPSS 1.0% | KEV no | PoC — | Nuclei — | Metasploit yes | Patch —
Lifecycle
26 Aug 2008: Metasploit exploit available
30 Aug 2025: Published in NVD
Recommendation: Plan remediation soon; a public PoC already exists.
activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
activePDF · WebGrabber
References
https://documentation.activepdf.com/WebGrabber_GS/b_installation/New_Installation.html
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb
https://support.activepdf.com/support/solutions/35000139131
https://web.archive.org/web/20081219180353/http://www.activepdf.com/products/serverproducts/webgrabber/
https://www.exploit-db.com/exploits/16635
https://www.vulncheck.com/advisories/activepdf-webgrabber-activex-control-buffer-overflow