QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34128

Published: Jul 16, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

Vendor	Product	Versions
X360Soft	X360 VideoPlayer ActiveX Control	affected `2.6`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb

exploit

https://rh0dev.github.io/blog/2015/fun-with-info-leaks/

third-party-advisory

technical-description

https://www.exploit-db.com/exploits/35948

exploit

https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow

third-party-advisory

https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow

third-party-advisory

https://www.exploit-db.com/exploits/36100

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.