CVE-2009-1538

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
70.0%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: July 15, 2009 (6147 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."

CWE

CWE-20

Affected Products

microsoft directxmicrosoft windows 2000microsoft windows server 2003microsoft windows xp

References

🔗 osvdb.org 🔗 www.securityfocus.com 🔗 www.us-cert.gov 🔗 www.vupen.com 🔗 docs.microsoft.com