CNNVD-202508-3666 Information

Aug 30, 2025 cve

CNNVD ID

CNNVD-202508-3666

CVE-2008-20001

CNNVD Published: 2025-08-30

Description (Chinese)

ActivePDF WebGrabber是ActivePDF开源的一款服务器端的HTML/URL到PDF转换控件。 ActivePDF WebGrabber 3.8.2.0版本存在安全漏洞，该漏洞源于APWebGrb.ocx ActiveX控件的GetStatus方法存在栈缓冲区溢出，可能导致执行任意代码。

Description (English)

ActivePDF WebGrabber is an HTML/URL to PDF conversion control for an ActivePDF open-source server. There is a security loophole in version 3.8.2.0 of ActivePDF WebGrabber, which originates from the GetStatus method of APWebGrb.ocx ActiveX control, which spills over the stowage buffer and may lead to the implementation of arbitrary codes.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ActivePDF

Published

2025-08-30

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories https://www.exploit-db.com/exploits/16635 http://www.activepdf.com/products/serverproducts/webgrabber/ https://web.archive.org/web/20081219180353/ https://support.activepdf.com/support/solutions/35000139131 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/activepdf_webgrabber.rb https://documentation.activepdf.com/WebGrabber_GS/b_installation/New_Installation.html https://nvd.nist.gov/vuln/detail/CVE-2008-20001 https://access.redhat.com/security/cve/cve-2008-20001

Share on: