Stack-Based Buffer Overflow in activePDF WebGrabber ActiveX Control
CVE-2008-20001

7.5HIGH

Key Information:

Vendor

ActivePDF

Status
Webgrabber
Vendor
CVE Published:
30 August 2025

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 54%

What is CVE-2008-20001?

The activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability within the GetStatus() method of the APWebGrb.ocx ActiveX control. This issue arises when an attacker sends an excessively long string to this method, potentially allowing arbitrary code execution in the context of the process running the affected control. Although this ActiveX control is not marked safe for scripting, it can still be exploited if executed within crafted HTML content in Internet Explorer, particularly under configurations with lenient security settings.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WebGrabber * <= 3.8.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-20001 - Proof of Concept

CVE-2008-20001 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...
exploit
https://www.exploit-db.com/exploits/16635
exploit
https://web.archive.org/web/20081219180353/http://www.act...
product

EPSS Score

54% chance of being exploited in the next 30 days.

CVSS V4

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

MC
JSON
.