CVE-2025-34128

CVSS v4.0

8.6

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions X360 VideoPlayer versions 2.6

Description A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

Recommendations X360 VideoPlayer version 2.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-120

Related Identifiers

CVE-2025-34128

Affected Products

X360 Videoplayer

CVE-2025-34128

Weakness Enumeration

Related Identifiers

Affected Products

References · 11