CVE-2009-1537
8.8 HIGH · Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windo...
Published: 2009-05-29 · Last updated: 2026-05-21
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE: CWE-158
Affected products
| Vendor | Product |
|---|---|
| microsoft | directx, windows_2000, windows_2003_server |
Description
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2009-1537
- [Vendor advisory] http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx
- [Vendor advisory] http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx
- [Other] http://isc.sans.org/diary.html?storyid=6481
- [Other] http://osvdb.org/54797
- [Vendor advisory] http://secunia.com/advisories/35268
- [Patch] http://www.microsoft.com/technet/security/advisory/971778.mspx
- [Other] http://www.securityfocus.com/bid/35139
- [Other] http://www.securitytracker.com/id?1022299
- [Other] http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- [Vendor advisory] http://www.vupen.com/english/advisories/2009/1445
- [Vendor advisory] http://www.vupen.com/english/advisories/2009/1886
- [Vendor advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028
- [Other] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237
- [Other] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1537
Related CVEs
Same vendor
- CVE-2026-50512 — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privilege... (7.8 HIGH)
- CVE-2026-50511 — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privilege... (7.8 HIGH)
- CVE-2026-50507 — Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack (6.8 MEDIUM)
- CVE-2026-49161 — Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally (7.8 HIGH)
- CVE-2026-49160 — Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network (7.5 HIGH)