Exposures › CVE-2009-1537
Microsoft DirectX contained a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter allowing remote code execution via crafted media files.
This 2009 vulnerability was actively exploited in the wild and linked to ransomware campaigns, exposing defense contractors to remote code execution through unpatched DirectX components. DIB organizations must verify patch levels on legacy systems and prioritize updates to prevent exploitation of this known, high-severity flaw.
Shame score — The vulnerability was actively exploited in the wild for years before being patched, indicating a significant lapse in vendor response and security hygiene.
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |