CVE-2009-1537
published 2009-05-29

Priority: P184, high; CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2026-06-03
ITW: Exploited in the wild
EPSS: 50.93% (98.8th percentile)
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

Affected

9 ranges

Vendor    | Product | Version range | Fixed in
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |
microsoft | directx |               |

Detection & IOCs (extracted from sources)

  • Component to monitor: quartz.dll (the QuickTime Movie Parser Filter in DirectShow). Its processing of crafted QuickTime media files may indicate exploitation attempts.
  • Alert on delivery of crafted QuickTime media files to Windows 2000 SP4, Windows XP SP2/SP3, and Windows Server 2003 SP2 systems, as this vulnerability was actively exploited in the wild in May 2009.
  • The vulnerability is described as 'unspecified': no concrete technical details (e.g., specific file structure, offsets, or byte patterns) are publicly disclosed in these sources, which limits the ability to write precise signature-based detections beyond file type and affected component.
  • Affected scope is limited to legacy Windows platforms (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2) with DirectX 7.0–9.0c; modern systems are not affected.

CVSS provenance

Source    | Version | Score | Severity | Vector
nvd       | v3.1    | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd       | v2.0    | 9.3   | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck |         | 9.3   | CRITICAL |
cisa      |         | 8.8   | HIGH     |