V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
Back to catalog
BDU:2026-07708
BDU
HighConfirmedExploit available

Уязвимость файла quartz.dll в DirectShow операционной системы Windows связана с некорректной обработкой нулевых байтов или символов Nul при…

CVSS
8.8
High
EPSS
0.00
p0
Published
2026-01-01
Updated
2026-01-01
Description

Уязвимость файла quartz.dll в DirectShow операционной системы Windows связана с некорректной обработкой нулевых байтов или символов Nul при обмене данными. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально созданного медиафайла QuickTime

Tags · CWE
Pre-auth
Affected products
Microsoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp DirectxMicrosoft corp Directx
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Timeline
2026-01-01
Published
2026-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
BDU:2026-07708
bdu_exploit · https://bdu.fstec.ru/vul
Enterprise
Affected software
ProductVendorStatus
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
directxmicrosoft corpTracked
Source databases
BDU
Related vulnerabilities
CVE-2009-1537
External references
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1537@https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028@http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx@http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx@http://isc.sans.org/diary.html?storyid=6481@http://osvdb.org/54797@http://secunia.com/advisories/35268@http://www.microsoft.com/technet/security/advisory/971778.mspx@http://www.securityfocus.com/bid/35139@http://www.securitytracker.com/id?1022299@http://www.us-cert.gov/cas/techalerts/TA09-195A.html@http://www.vupen.com/english/advisories/2009/1445@http://www.vupen.com/english/advisories/2009/1886@https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028@https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237@https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1537@https://github.com/lieanu/it-sec-catalog/blob/master/Exploitation.md@https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv