CVE-2025-34128 HIGH

CVE-2025-34128: X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()

Vendor X360Soft
Product X360 VideoPlayer ActiveX Control
Weakness CWE-120
Published July 16, 2025
Last update April 7, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

Key dates

02Disclosure timeline

July 16, 2025 CVE published
April 7, 2026 Record updated