CVE-2008-20001

N/A Unknown

Published: August 30, 2025 Modified: April 15, 2026

Description

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://documentation.activepdf.com/WebGrabber_GS/b_installation/New_Installation.html

Source: disclosure@vulncheck.com

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb

Source: disclosure@vulncheck.com

https://support.activepdf.com/support/solutions/35000139131

Source: disclosure@vulncheck.com

https://web.archive.org/web/20081219180353/http://www.activepdf.com/products/serverproducts/webgrabber/

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/16635

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/activepdf-webgrabber-activex-control-buffer-overflow

Source: disclosure@vulncheck.com

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

54.7%

98th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-121

Related CVEs

CVE-2026-6499 N/A

CVE-2026-6266 8.3

CVE-2026-4928 N/A

CVE-2026-34032 5.3

CVE-2026-33857 5.3