CVE-2025-34128
published 2025-07-16CVE-2025-34128: A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the…
PriorityP355high8.6CVSS 4.0
AVNACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.85%
53.7th percentile
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| x360soft | x360_videoplayer_activex_control | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for instantiation of the VideoPlayer.ocx ActiveX control in browser processes, particularly calls to the ConvertFile() method with abnormally long argument strings, which indicates exploitation attempt. ↗
- →The exploit targets a .data segment buffer overflow to bypass ASLR and DEP; look for memory corruption indicators or unexpected code execution originating from browser child processes loading VideoPlayer.ocx. ↗
- →Execution context is the current user's browser process; hunt for VideoPlayer.ocx loaded in browser processes (e.g., iexplore.exe) and flag any spawned child processes or shellcode-like activity. ↗
- ·Exploitation is delivered via browser-based ActiveX instantiation; the attack surface is limited to environments where the X360 VideoPlayer ActiveX control is registered and Internet Explorer (or legacy ActiveX-capable browsers) is in use. ↗
- ·The vulnerable version is specifically 2.6 of VideoPlayer.ocx; verify the exact version present in the environment before applying detections to avoid false positives on other versions. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rbhttps://rh0dev.github.io/blog/2015/fun-with-info-leaks/https://www.exploit-db.com/exploits/35948https://www.exploit-db.com/exploits/36100https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflowhttps://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow
2025-07-16
Published