PT-2009-4035 · Apple+1 · Apple Quicktime+1

Yamata Li

Published

2009-07-15

Updated

2019-02-26

CVE-2009-1538

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c

Description: The issue concerns the QuickTime Movie Parser Filter in quartz.dll, which is part of DirectShow in Microsoft DirectX. It allows remote attackers to execute arbitrary code via a crafted QuickTime media file due to improper validation of unspecified data values when updating pointers.

Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, consider restricting the use of the QuickTime Movie Parser Filter until a patch is available. As a temporary workaround, avoid using the affected filter to parse QuickTime media files.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-1538

Affected Products

Directx

Apple Quicktime

PT-2009-4035 · Apple+1 · Apple Quicktime+1

CVE-2009-1538

Weakness Enumeration

Related Identifiers

Affected Products

References · 7