CVE-2009-1537

high

Description

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

References

Exploits
More

https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html

https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1537

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028

http://www.vupen.com/english/advisories/2009/1886

http://www.vupen.com/english/advisories/2009/1445

http://www.us-cert.gov/cas/techalerts/TA09-195A.html

http://www.microsoft.com/technet/security/advisory/971778.mspx

http://secunia.com/advisories/35268

http://isc.sans.org/diary.html?storyid=6481

http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx

http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx

Details

Source: Mitre, NVD

Published: 2009-05-29

Updated: 2026-05-21

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.74066