CVE-2009-1539

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/55845
http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
http://www.vupen.com/english/advisories/2009/1886
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

History

No history.

Information

Published : 2009-07-15 15:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-1539

Mitre link : CVE-2009-1539

CVE.ORG link : CVE-2009-1539

JSON object : View

Products Affected

microsoft

windows_2000
windows_xp
windows_server_2003
directx

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2009-1539", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-07-15T15:30:01.407", "references": [{"url": "http://osvdb.org/55845", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1886", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\""}, {"lang": "es", "value": "EL QuickTime Movie Parser Filter en quartz.dll en DirectShow en Microsoft DirectX v7.0 a la v9.0c sobre Windows 2000 SP4, Windows XP SP2 y SP3, y Windows Server 2003 SP2, no valida adecuadamente el tama\u00f1o sin especificar de los campos en los archivos \"Quicktime media\", lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de validaci\u00f3n de tama\u00f1o en DirectX\"."}], "lastModified": "2019-02-26T14:04:00.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@microsoft.com"}