CVE-2009-1538

2009-07-1515:30:00

CWE-20

[email protected]

web.nvd.nist.gov

directx

pointer validation

quicktime

directshow

microsoft

remote code execution

cve-2009-1538

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.809 High

EPSS

Percentile

98.3%

JSON

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka “DirectX Pointer Validation Vulnerability.”

CPENameOperatorVersion
microsoft:directxmicrosoft directxeq7.0
microsoft:windows_2000microsoft windows 2000eq-
microsoft:directxmicrosoft directxeq8.1
microsoft:directxmicrosoft directxeq9.0
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_xpmicrosoft windows xpeq-

CPE	Name	Operator	Version
microsoft:directx	microsoft directx	eq	7.0
microsoft:windows_2000	microsoft windows 2000	eq	-
microsoft:directx	microsoft directx	eq	8.1
microsoft:directx	microsoft directx	eq	9.0
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-