CVE-2009-1537
Published: 29 May 2009
Summary
CVE-2009-1537 is a high-severity Improper Neutralization of Null Byte or NUL Character (CWE-158) vulnerability in Microsoft Directx. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 2.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
The vulnerability is an unspecified issue, also known as the DirectX NULL Byte Overwrite Vulnerability, in the QuickTime Movie Parser Filter in quartz.dll within DirectShow as part of Microsoft DirectX 7.0 through 9.0c. Affected platforms include Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2.
Remote attackers can exploit the flaw by supplying a crafted QuickTime media file, which may result in arbitrary code execution. The vulnerability was exploited in the wild in May 2009.
Microsoft Security Advisory 971778 addresses the DirectShow vulnerability, with further technical analysis available from the Microsoft Security Response Center and Security Research and Defense blogs. Additional references from SANS ISC, OSVDB, and Secunia document the issue and its exploitation characteristics.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2009-1533
Vulnerability details
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via…
more
a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
- CWE(s)
- KEV Date Added
- 20 May 2026
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patch (Microsoft Security Advisory 971778) that eliminates the NULL-byte overwrite flaw in quartz.dll.
Enforces disabling or removing the DirectShow/QuickTime parser components when they are not required, eliminating the attack surface for crafted media files.
Deploys malicious-code detection mechanisms that can inspect or sandbox QuickTime media files before the vulnerable parser processes them.