activePDF WebGrabber Stack-Based Buffer Overflow Vulnerability in APWebGrb.ocx ActiveX Control

A stack-based buffer overflow vulnerability has been identified in activePDF WebGrabber version 3.8.2.0. The issue resides in the GetStatus() method of the APWebGrb.ocx ActiveX control, where an overly long string can be passed, allowing remote attackers to execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is feasible through crafted HTML content in Internet Explorer under permissive security settings.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, executed in the context of the user running the vulnerable application.

Reproduction

The vulnerability can be reproduced by creating a HTML file that includes a script. This script should attempt to create an ActiveX object for the APWebGrabber. Object, and then call the GetStatus() method with a payload that exceeds the buffer size, such as 0x40000. The payload can be crafted to include shellcode that will be executed once the buffer overflow is triggered. This can be done using a tool like Metasploit, which has a module available for this specific vulnerability.