🟢 CVE-2009-1537

CVE-2009-1537 is a vulnerability in Microsoft DirectX's QuickTime Movie Parser that allows remote code execution when processing crafted QuickTime media files. This is a client-side vulnerability requiring user interaction to open malicious media files, not a server-side vulnerability exploitable over the internet.

Risk Level: LOW_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2009-05-29

Added to CISA KEV: 2026-05-20

Days between CVE and KEV: 6200


🔍 Web Intelligence (Kagi · 2026-06-03)

CVE-2009-1537 is a critical security vulnerability in Microsoft DirectX that was identified and addressed in 2009. Below is a summary of the known details regarding this vulnerability.

Overview and Impact
  • Vulnerability Type: It is described as a "NULL Byte Overwrite Vulnerability" within the QuickTime Movie Parser Filter (located in `quartz.dll`) of Microsoft DirectShow [1].
  • Impact: Successful exploitation allows a remote attacker to execute arbitrary code on the target system [1]. This effectively grants the attacker the same rights as the local user, potentially leading to full system compromise.

Exploitation and Threat Activity
  • Active Exploitation: This vulnerability was confirmed to be actively exploited in the wild as early as May 2009 [1] [4].
  • Attack Method: Exploitation requires a user to open a specially crafted QuickTime media file (e.g., via a malicious website or an email attachment) [1]. It is a remote attack vector that relies on user interaction to trigger the parsing of the malicious file.
  • Targeted Attacks/Ransomware: While it was actively exploited in the wild during the 2009 timeframe, there is no specific documentation linking this legacy vulnerability to modern ransomware campaigns. It is, however, included in the CISA Known Exploited Vulnerabilities (KEV) Catalog, which underscores its historical significance and the requirement for remediation in environments where these legacy systems might still exist [2].

Affected Products and Mitigation
  • Affected Versions: The vulnerability affects Microsoft DirectX 7.0 through 9.0c on the following operating systems [1]:
    * Windows 2000 SP4
    * Windows XP (SP2 and SP3)
    * Windows Server 2003 (SP2)
  • Patch Status: Microsoft released a security update to resolve this issue in Security Bulletin MS09-028, published on July 14, 2009 [3].
  • Mitigation: The primary mitigation is to apply the security updates provided by Microsoft in MS09-028. Because these operating systems are long past their support lifecycle, the most effective mitigation is to upgrade to modern, supported operating systems that are not susceptible to these legacy vulnerabilities.

Sources

  1. NVD - CVE-2009-1537

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements. ... CVE-2009-1537 Detail. Description. Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectSho…

  2. Known Exploited Vulnerabilities Catalog | CISA


  3. Microsoft Security Bulletin MS09-028 - Critical

    This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. ... Affected and Non-Affected Software. The following software have been tested to determine which versions or editions are affected. Other versions or editions are…

  4. Microsoft Updates for Multiple Vulnerabilities | CISA

    Microsoft indicates that two of these vulnerabilities, CVE-2009-1537 and CVE-2008-0015, are being actively exploited. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as W…