Primary

Context

X360 VideoPlayer ActiveX Control Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6. The issue arises when the control's ConvertFile() method is fed excessively long arguments, leading to memory corruption. This vulnerability can be exploited to execute arbitrary code within the context of the current process.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

The vulnerability can be reproduced by creating an ActiveX object of the X360 VideoPlayer control in Internet Explorer 10 on a Windows 7 64-bit system. Once the object is created, the ConvertFile() method can be called with a specially crafted string that exceeds the buffer limit. This overflow can then be exploited by manipulating the ActiveX object's methods to execute arbitrary code.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.7

remediation

0.0

relevance

0.3

threat

7.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.7

remediation

0.0

relevance

0.3

threat

7.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

X360 VideoPlayer ActiveX Control Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating