Description
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
References (13)
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028
Various Sources x_refsource_confirm
http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35268
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022299
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1886
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1445
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54797
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35139
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Various Sources x_refsource_misc
http://isc.sans.org/diary.html?storyid=6481
Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/971778.mspx
Vendor Advisory x_refsource_confirm
http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx
Scores
EPSS: 0.6808
EPSS Percentile: 98.6%
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2026-05-20
VulnCheck KEV: 2009-05-29
InTheWild.io: 2019-02-26
Status
published
Products (13)
microsoft/directx 7.0
microsoft/directx 7.0a
microsoft/directx 7.1
microsoft/directx 8.1
microsoft/directx 8.1b
microsoft/directx 9.0
microsoft/directx 9.0a
microsoft/directx 9.0b
microsoft/directx 9.0c
microsoft/windows_2000
... and 3 more
Published: May 29, 2009
KEV Added: May 20, 2026
Tracked Since: Feb 18, 2026