Detections
Analytics

CVE-2009-1537

high

Description

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028

http://www.vupen.com/english/advisories/2009/1886

http://www.vupen.com/english/advisories/2009/1445

http://www.us-cert.gov/cas/techalerts/TA09-195A.html

http://www.securitytracker.com/id?1022299

http://www.securityfocus.com/bid/35139

http://www.microsoft.com/technet/security/advisory/971778.mspx

http://secunia.com/advisories/35268

http://osvdb.org/54797

http://isc.sans.org/diary.html?storyid=6481

http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx

http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx

Details

Source: Mitre, NVD

Published: 2009-05-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High