PT-2009-4036 · Apple+1 · Apple Quicktime+1

Aaron Portnoy

Published

2009-07-15

Updated

2019-02-26

CVE-2009-1539

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c

Description: The issue arises from the QuickTime Movie Parser Filter in quartz.dll, which fails to properly validate size fields in QuickTime media files. This allows remote attackers to execute arbitrary code via a crafted file.

Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the QuickTime Movie Parser Filter in DirectShow to minimize the risk of arbitrary code execution.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2009-1539

Affected Products

Directx

Apple Quicktime

PT-2009-4036 · Apple+1 · Apple Quicktime+1

CVE-2009-1539

Weakness Enumeration

Related Identifiers

Affected Products

References · 6