CVE-2009-1537

high Microsoft ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
74.1%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: May 29, 2009 (6251 days ago)
Last Modified: May 21, 2026
Vendor: Microsoft
Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-05-20
Remediation Due: 2026-06-03 (⚠ 37d overdue)

Description

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

CWE

NVD-CWE-noinfo

Affected Products

microsoft directxmicrosoft windows 2000microsoft windows 2003 servermicrosoft windows server 2003microsoft windows xp

References