CVE-2025-34128
X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
CVSS Score
0.0
EPSS Score
52.1%
EPSS Percentile
98th
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
| CWE | CWE-120 CWE-94 |
| Vendor | x360soft |
| Product | x360 videoplayer activex control |
| Published | Jul 16, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for x360soft x360 videoplayer activex control
Be the first to know when new unknown vulnerabilities affecting x360soft x360 videoplayer activex control are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
X360Soft / X360 VideoPlayer ActiveX Control
2.6
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb rh0dev.github.io: https://rh0dev.github.io/blog/2015/fun-with-info-leaks/ exploit-db.com: https://www.exploit-db.com/exploits/35948 fortiguard.com: https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow vulncheck.com: https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow exploit-db.com: https://www.exploit-db.com/exploits/36100
Credits
Rh0