🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability
Summary
Microsoft DirectX has a NULL byte overwrite vulnerability (a type of memory corruption where attackers can overwrite data at a specific memory location) in its QuickTime Movie Parser Filter within the quartz.dll file. An attacker could exploit this by sending a specially crafted QuickTime media file to execute arbitrary code (run any commands they want) on a victim's system, and this vulnerability is currently being exploited by real attackers.
Solution / Mitigation
Apply mitigations per Microsoft's vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See Microsoft Security Bulletin MS09-028 for specific patch details.
Vulnerability Details
EPSS: 68.1%
Yes
🔥 Actively Exploited
May 19, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2009-1537
First tracked: May 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%