CVE-2009-1537
is CVE-2009-1537real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2009-1537)<a href="https://www.truepositive.app/cve/CVE-2009-1537"><img src="https://www.truepositive.app/cve/CVE-2009-1537/badge.svg" alt="TruePositive verdict for CVE-2009-1537"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
2 verdictsto add your verdict.
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
No notes yet — be the first to share what you saw or a fix that worked.
Related CVEs
Same weakness — CWE-158.
- CVE-2022-1040CVSS 9.8KEVEPSS 100%
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
- CVE-2025-47812CVSS 10KEVEPSS 95%
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.