CVE-2025-34128

HIGH

X360 VideoPlayer <2.6 - Buffer Overflow

Title source: llm

Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/36100

View Code ZIP pw:eip

exploitdb WORKING POC

by Rh0 · htmlremotewindows

https://www.exploit-db.com/exploits/35948

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Rh0, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb

View Code ZIP pw:eip

References (6)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb

[Various Sources] https://rh0dev.github.io/blog/2015/fun-with-info-leaks/

[Vendor Advisory] https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/35948

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/36100

[Third Party Advisory] https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow

Scores

CVSS v4 8.6

EPSS 0.5212

EPSS Percentile 97.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-120 CWE-94

Status published

Products (1)

X360Soft/X360 VideoPlayer ActiveX Control 2.6

Published Jul 16, 2025

Tracked Since Feb 18, 2026