CVE-2025-34128

high

Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

References

Exploits
More

https://www.exploit-db.com/exploits/36100

https://www.exploit-db.com/exploits/35948

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb

https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow

https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow

https://rh0dev.github.io/blog/2015/fun-with-info-leaks/

Details

Source: Mitre, NVD

Published: 2025-07-16

Updated: 2025-07-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00093