CVE-2009-1537β€”Microsoft DirectX NULL Byte Overwrite Vulnerability

PUBLISHEDvulnerability record
2026-05-20 Β· last modified May 20, 2026

Metadata

CVE ID:
CVE-2009-1537
Project:
Microsoft
Product:
DirectX
Date Added:
2026-05-20
Due Date:
2026-06-03
Last Updated:
May 20, 2026

Vulnerability Name

Microsoft DirectX NULL Byte Overwrite Vulnerability

Description

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles