9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.725 High
EPSS
Percentile
98.0%
Added: 06/03/2009
CVE: CVE-2009-1537
BID: 35139
OSVDB: 54797
DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.
A command execution vulnerability in DirectShow allows command execution when a user opens a QuickTime movie file containing an invalid compressor name length value in the STSD atom.
Apply one of the workarounds described in Microsoft Security advisory 971778.
<http://isc.sans.org/diary.html?storyid=6481>
Exploit works on Microsoft DirectX 9.0 and requires a user to open the exploit page in Internet Explorer 6 or 7.
The .NET framework 2.0 must be installed on the target.
Windows XP