CVE-2008-20001 HIGH

CVE-2008-20001: activePDF WebGrabber ActiveX Control Buffer Overflow

Vendor Activepdf
Product WebGrabber
Weakness CWE-121
Published August 30, 2025
Last update May 15, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.

Key dates

02Disclosure timeline

August 30, 2025 CVE published
May 15, 2026 Record updated