CVE-2025-34128

Public Exploit

X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()

Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

References

Link	Tags
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb	exploit
https://rh0dev.github.io/blog/2015/fun-with-info-leaks/	third party advisory technical description
https://www.exploit-db.com/exploits/35948	exploit
https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow	third party advisory
https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow	third party advisory
https://www.exploit-db.com/exploits/36100	exploit

Frequently Asked Questions

What is the severity of CVE-2025-34128?: CVE-2025-34128 has been scored as a high severity vulnerability.
How to fix CVE-2025-34128?: To fix CVE-2025-34128, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-34128 being actively exploited in the wild?: It is possible that CVE-2025-34128 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-34128?: CVE-2025-34128 affects X360Soft X360 VideoPlayer ActiveX Control.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions