CVE-2025-34128 | THREATINT

Description

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-16 | Updated 2026-04-07 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unknown

2.6

affected

Credits

Rh0 finder

References

raw.githubusercontent.com/...60_video_player_set_text_bof.rb exploit

rh0dev.github.io/blog/2015/fun-with-info-leaks/ third-party-advisory technical-description

www.exploit-db.com/exploits/35948 exploit

www.fortiguard.com/...player-activex-control-buffer-overflow third-party-advisory

www.vulncheck.com/...oplayer-activex-control-buffer-overflow third-party-advisory

www.exploit-db.com/exploits/36100 exploit

cve.org (CVE-2025-34128)

nvd.nist.gov (CVE-2025-34128)

Download JSON

help @ threatint.eu