CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability
Summary
Microsoft DirectX has a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter that could allow remote code execution. Attackers can exploit this by sending a crafted QuickTime media file.
IFF Assessment
This vulnerability allows for remote code execution, which is a significant threat to systems and data.
Severity
The vulnerability allows for remote code execution with a high impact on confidentiality, integrity, and availability, and is likely exploitable over the network.
CISA KEV: Listed as actively exploited. Federal patch due: June 03, 2026. Known ransomware use: Unknown.
Defender Context
This is an older vulnerability that could be exploited by sophisticated attackers. Defenders should ensure systems are patched or mitigated against known DirectX vulnerabilities. Monitoring for exploitation attempts targeting legacy media parsing components is also advisable.