COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2009-1537

CVE-2009-1537

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildransomwareunpatched

Microsoft DirectX contained a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter allowing remote code execution via crafted media files.

This 2009 vulnerability was actively exploited in the wild and linked to ransomware campaigns, exposing defense contractors to remote code execution through unpatched DirectX components. DIB organizations must verify patch levels on legacy systems and prioritize updates to prevent exploitation of this known, high-severity flaw.

Shame score — The vulnerability was actively exploited in the wild for years before being patched, indicating a significant lapse in vendor response and security hygiene.

Players implicated

Microsoft · vendorDirectX · product

Description

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90