Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

module

VeryPDF PDFView OCX ActiveX OpenPDF Heap Overflow

Try Surface Command
Back to search
Disclosed
Jun 16, 2008
Created
May 30, 2018

Description

The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow
because it fails to properly bounds-check user-supplied data before copying
it into an insufficiently sized memory buffer. An attacker can exploit this issue
to execute arbitrary code within the context of the affected application.

Authors

MC [email protected]
dean [email protected]

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/browser/verypdf_pdfview
    msf exploit(verypdf_pdfview) > show targets
        ...targets...
    msf exploit(verypdf_pdfview) > set TARGET < target-id >
    msf exploit(verypdf_pdfview) > show options
        ...show and set options...
    msf exploit(verypdf_pdfview) > exploit
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report