High severityNVD Advisory· Published Jul 16, 2025· Updated Apr 15, 2026

CVE-2025-34128

Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rbnvd
rh0dev.github.io/blog/2015/fun-with-info-leaks/nvd
www.exploit-db.com/exploits/35948nvd
www.exploit-db.com/exploits/36100nvd
www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflownvd
www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.056
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000