CVE-2009-1537
published 2009-05-29CVE-2009-1537: Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows…
PriorityP184high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2026-06-03
Exploited in the wild
EPSS
50.93%
98.8th percentile
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
| microsoft | directx | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target file to monitor: quartz.dll (QuickTime Movie Parser Filter in DirectShow) processing of crafted QuickTime media files may indicate exploitation attempts ↗
- →Alert on delivery of crafted QuickTime media files to Windows 2000 SP4, Windows XP SP2/SP3, and Windows Server 2003 SP2 systems, as this vulnerability was actively exploited in the wild in May 2009 ↗
- ·The vulnerability is described as 'unspecified' — no concrete technical details (e.g., specific file structure, offsets, or byte patterns) are publicly disclosed in these sources, limiting the ability to write precise signature-based detections beyond file type and affected component ↗
- ·Affected scope is limited to legacy Windows platforms (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2) with DirectX 7.0–9.0c; modern systems are not affected ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Microsoft DirectX NULL Byte Overwrite Vulnerability
cisa·2026-05-20·CVSS 8.8
CVE-2009-1537 [HIGH] Microsoft DirectX NULL Byte Overwrite Vulnerability
Vulnerability: Microsoft DirectX NULL Byte Overwrite Vulnerability
Affected: Microsoft DirectX
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
Remediation Due Date: 2026-06-03
GHSA
GHSA-qvw7-mg6g-qm9m: Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz
ghsa_unreviewed·2022-05-02
CVE-2009-1537 [HIGH] GHSA-qvw7-mg6g-qm9m: Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
VulnCheck
DirectX NULL Byte Overwrite Vulnerability
vulncheck·2009·CVSS 9.3
CVE-2009-1537 [CRITICAL] DirectX NULL Byte Overwrite Vulnerability
DirectX NULL Byte Overwrite Vulnerability
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
Affected: Microsoft directx
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2009-1537; https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028
No detection rules found.
No public exploits indexed.
http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspxhttp://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspxhttp://isc.sans.org/diary.html?storyid=6481http://osvdb.org/54797http://secunia.com/advisories/35268http://www.microsoft.com/technet/security/advisory/971778.mspxhttp://www.securityfocus.com/bid/35139http://www.securitytracker.com/id?1022299http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlhttp://www.vupen.com/english/advisories/2009/1445http://www.vupen.com/english/advisories/2009/1886https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspxhttp://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspxhttp://isc.sans.org/diary.html?storyid=6481http://osvdb.org/54797http://secunia.com/advisories/35268http://www.microsoft.com/technet/security/advisory/971778.mspxhttp://www.securityfocus.com/bid/35139http://www.securitytracker.com/id?1022299http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlhttp://www.vupen.com/english/advisories/2009/1445http://www.vupen.com/english/advisories/2009/1886https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1537
2009-05-29
Published
2026-05-20
Added to CISA KEV
Exploited in the wild