Vulnerability Description
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | DirectX | 7.0 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows XP | All versions |
Related Weaknesses (CWE)
References
- http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971 (Vendor Advisory)
- http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-p (Vendor Advisory)
- http://isc.sans.org/diary.html?storyid=6481 (Not Applicable)
- http://osvdb.org/54797 (Broken Link)
- http://secunia.com/advisories/35268 (Vendor Advisory)
- http://www.microsoft.com/technet/security/advisory/971778.mspx (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/35139 (Broken Link)
- http://www.securitytracker.com/id?1022299 (Broken Link)
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html (US Government Resource)
- http://www.vupen.com/english/advisories/2009/1445 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/1886 (Vendor Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-02 (Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Broken Link)
FAQ
What is CVE-2009-1537?
CVE-2009-1537 is a vulnerability with a CVSS score of 8.8 (HIGH). Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP...
How severe is CVE-2009-1537?
CVE-2009-1537 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1537?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft DirectX, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows XP.