Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by X360Soft
CVE-2025-34128 (GCVE-0-2025-34128)
Vulnerability from nvd – Published: 2025-07-16 21:10 – Updated: 2026-04-07 14:09
VLAI
Title
X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
Summary
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://rh0dev.github.io/blog/2015/fun-with-info-leaks/ | third-party-advisorytechnical-description |
| https://www.exploit-db.com/exploits/35948 | exploit |
| https://www.fortiguard.com/encyclopedia/ips/40167… | third-party-advisory |
| https://www.vulncheck.com/advisories/x360-videopl… | third-party-advisory |
| https://www.exploit-db.com/exploits/36100 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| X360Soft | X360 VideoPlayer ActiveX Control |
Affected:
2.6
|
Date Public
2015-01-30 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34128",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T13:44:55.636741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T13:45:07.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"VideoPlayer.ocx"
],
"product": "X360 VideoPlayer ActiveX Control",
"vendor": "X360Soft",
"versions": [
{
"status": "affected",
"version": "2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rh0"
}
],
"datePublic": "2015-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process."
}
],
"value": "A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-14",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-14 Client-side Injection-induced Buffer Overflow"
}
]
},
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:47.863Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://rh0dev.github.io/blog/2015/fun-with-info-leaks/"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/35948"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/36100"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34128",
"datePublished": "2025-07-16T21:10:31.205Z",
"dateReserved": "2025-04-15T19:15:22.561Z",
"dateUpdated": "2026-04-07T14:09:47.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34128 (GCVE-0-2025-34128)
Vulnerability from cvelistv5 – Published: 2025-07-16 21:10 – Updated: 2026-04-07 14:09
VLAI
Title
X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
Summary
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://rh0dev.github.io/blog/2015/fun-with-info-leaks/ | third-party-advisorytechnical-description |
| https://www.exploit-db.com/exploits/35948 | exploit |
| https://www.fortiguard.com/encyclopedia/ips/40167… | third-party-advisory |
| https://www.vulncheck.com/advisories/x360-videopl… | third-party-advisory |
| https://www.exploit-db.com/exploits/36100 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| X360Soft | X360 VideoPlayer ActiveX Control |
Affected:
2.6
|
Date Public
2015-01-30 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34128",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T13:44:55.636741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T13:45:07.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"VideoPlayer.ocx"
],
"product": "X360 VideoPlayer ActiveX Control",
"vendor": "X360Soft",
"versions": [
{
"status": "affected",
"version": "2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rh0"
}
],
"datePublic": "2015-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process."
}
],
"value": "A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-14",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-14 Client-side Injection-induced Buffer Overflow"
}
]
},
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:47.863Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://rh0dev.github.io/blog/2015/fun-with-info-leaks/"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/35948"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/36100"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34128",
"datePublished": "2025-07-16T21:10:31.205Z",
"dateReserved": "2025-04-15T19:15:22.561Z",
"dateUpdated": "2026-04-07T14:09:47.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}