CVE-2009-1539

2009-07-1515:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-1539

quicktime

media files

directshow

microsoft directx

windows

remote code execution

security vulnerability

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.342 Low

EPSS

Percentile

97.1%

JSON

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka “DirectX Size Validation Vulnerability.”

CPENameOperatorVersion
microsoft:directxmicrosoft directxeq7.0
microsoft:windows_2000microsoft windows 2000eq-
microsoft:directxmicrosoft directxeq8.1
microsoft:directxmicrosoft directxeq9.0
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_xpmicrosoft windows xpeq-

CPE	Name	Operator	Version
microsoft:directx	microsoft directx	eq	7.0
microsoft:windows_2000	microsoft windows 2000	eq	-
microsoft:directx	microsoft directx	eq	8.1
microsoft:directx	microsoft directx	eq	9.0
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-