Loading
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
Use CWE-94, Microsoft vendor hub and Directx product page to widen CVE-2009-1539 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2012-1537, CVE-2010-1880 and CVE-2010-1879 for nearby disclosures in the same product family. Additional editorial context is available in Weekly Security Roundup: Navigating the April 2026 Threat Landscape and Critical Framework Exploits.