9.3

CVE-2009-1537

EPSS 68.8%
Published 29.05.2009 18:30:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Directx Version7.0

Microsoft ≫ Directx Version7.0a

Microsoft ≫ Directx Version7.1

Microsoft ≫ Directx Version8.1

Microsoft ≫ Directx Version8.1b

Microsoft ≫ Directx Version9.0

Microsoft ≫ Directx Version9.0a

Microsoft ≫ Directx Version9.0b

Microsoft ≫ Directx Version9.0c

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Directx Version9.0

Microsoft ≫ Directx Version9.0a

Microsoft ≫ Directx Version9.0b

Microsoft ≫ Directx Version9.0c

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	68.8%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx

Vendor Advisory

http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx

http://isc.sans.org/diary.html?storyid=6481

http://osvdb.org/54797

http://secunia.com/advisories/35268

Vendor Advisory

http://www.microsoft.com/technet/security/advisory/971778.mspx

Patch

Vendor Advisory

http://www.securityfocus.com/bid/35139

http://www.securitytracker.com/id?1022299

http://www.us-cert.gov/cas/techalerts/TA09-195A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/1445

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1886

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237

https://nvd.nist.gov/vuln/detail/CVE-2009-1537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1537

EUVD