CVE-2025-34128
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-07-17
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| x360 | videoplayer | 2.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to arbitrary code execution, which means an attacker could run malicious code on your system with the privileges of the current process. This could result in system compromise, data theft, or further attacks.
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6. It occurs when the ConvertFile() method processes overly long arguments, allowing an attacker to supply specially crafted input that causes memory corruption and enables execution of arbitrary code within the current process context.