Remote Code Execution Vulnerability in Microsoft's DirectShow Component
CVE-2009-1538

Currently unrated

Key Information:

Vendor
Microsoft
Status
Directx
Windows 2000
Vendor
CVE Published:
15 July 2009

Summary

The QuickTime Movie Parser Filter in quartz.dll within the Microsoft DirectShow component of DirectX versions 7.0 through 9.0c contains a vulnerability that allows remote attackers to exploit improperly validated pointers. This flaw can be triggered through specially crafted QuickTime media files, enabling attackers to execute arbitrary code on affected systems. Vulnerable systems include Windows 2000 SP4, Windows XP (both SP2 and SP3), and Windows Server 2003 SP2, thus posing a significant risk to users of these operating systems.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://osvdb.org/55844
vdb-entryx_refsource_OSVDB

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2009-1538 : Remote Code Execution Vulnerability in Microsoft's DirectShow Component | SecurityVulnerability.io