Microsoft DirectX DirectShow QuickTime movie parsing vulnerability

Added: 06/03/2009
CVE: CVE-2009-1537
BID: 35139
OSVDB: 54797


DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.


A vulnerability in DirectShow allows command execution when a user opens a QuickTime movie file containing an invalid compressor name length value in the STSD atom.
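A defensive check for the condition described above, as an added example (not from this advisory or from Microsoft): it walks a QuickTime file's atoms and reports video sample descriptions in the STSD atom whose compressor name length byte cannot fit the 32-byte Pascal-string field of the QuickTime File Format. The advisory does not say which values are invalid, so the "greater than 31" threshold is an assumption; `atoms`, `scan`, `box` and `sample` are names chosen here, and `sample` builds constructed test input.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
NAME_OFF, NAME_FIELD = 50, 32  # 32-byte Pascal string at entry offset 50 (assumed: length > 31 is invalid)

def atoms(buf, start, end):
    """Yield (type, payload_start, payload_end); raise on a size that leaves the parent."""
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        size, hdr = size or end - pos, 8           # size 0: atom runs to end of parent
        if size == 1 and pos + 16 <= end:          # size 1: 64-bit extended size follows
            size, hdr = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        if size < hdr or pos + size > end:
            raise ValueError(f"atom {kind!r} at offset {pos}: bad size {size}")
        yield kind, pos + hdr, pos + size
        pos += size

def scan(buf, start=0, end=None, handler=None):
    """Return (entry index, reason) findings for video sample descriptions."""
    end = len(buf) if end is None else end
    kids = list(atoms(buf, start, end))
    for kind, ps, pe in kids:                      # hdlr may follow minf, so look first
        if kind == b"hdlr" and pe - ps >= 12 and buf[ps + 4:ps + 8] != b"dhlr":
            handler = buf[ps + 8:ps + 12]          # component subtype, b"vide" = video
    found = []
    for kind, ps, pe in kids:
        if kind in CONTAINERS:
            found += scan(buf, ps, pe, handler)
        elif kind == b"stsd" and handler == b"vide" and pe - ps >= 8:
            pos = ps + 8                           # skip version/flags and entry count
            for i in range(struct.unpack_from(">I", buf, ps + 4)[0]):
                esize = struct.unpack_from(">I", buf, pos)[0] if pos + 4 <= pe else 0
                if esize < NAME_OFF + NAME_FIELD or pos + esize > pe:
                    found.append((i, "entry truncated or too small for a video description"))
                    break
                if buf[pos + NAME_OFF] >= NAME_FIELD:
                    found.append((i, f"compressor name length {buf[pos + NAME_OFF]} > 31"))
                pos += esize
    return found

def box(kind, payload):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def sample(name_len):  # constructed input: one video track, one stsd entry
    entry = struct.pack(">I4s6xH34x", 86, b"jpeg", 1) + bytes([name_len]) + bytes(35)
    stsd = box(b"stsd", struct.pack(">II", 0, 1) + entry)
    hdlr = box(b"hdlr", struct.pack(">I4s4s12x", 0, b"mhlr", b"vide"))
    return box(b"moov", box(b"trak", box(b"mdia", hdlr + box(b"minf", box(b"stbl", stsd)))))
```

To check a file, pass its bytes to `scan`; a `ValueError` means the atom structure itself is malformed and the file should be treated as suspect.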


Apply one of the workarounds described in Microsoft Security Advisory 971778.



The exploit works on Microsoft DirectX 9.0 and requires a user to open the exploit page in Internet Explorer 6 or 7.

The .NET framework 2.0 must be installed on the target.


Windows XP

