CVE-2009-1539
Summary
| CVE | CVE-2009-1539 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-07-15 15:30:00 UTC |
| Updated | 2019-02-26 14:04:00 UTC |
| Description | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Directx | 7.0 | All | All | All |
| Application | Microsoft | Directx | 8.1 | All | All | All |
| Application | Microsoft | Directx | 9.0 | All | All | All |
| Application | Microsoft | Directx | 7.0 | All | All | All |
| Application | Microsoft | Directx | 8.1 | All | All | All |
| Application | Microsoft | Directx | 9.0 | All | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | x64 | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | x64 | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| US-CERT Technical Cyber Security Alert TA09-195A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| 55845 | OSVDB | osvdb.org | |
| Microsoft Security Bulletin MS09-028 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.