CISA KEV: Microsoft DirectX — Microsoft DirectX NULL Byte Overwrite Vulnerability

Wednesday, May 20, 2026 at 12:00 AM UTC·Source: CISA KEV

Updated: Wednesday, May 20, 2026 at 06:00 PM UTC

Executive Summary

Analysis

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file. Added to CISA Known Exploited Vulnerabilities catalog on 2026-05-20. Remediation due: 2026-06-03.

Indicators of Compromise (1)

CVE (1)

CVE-2009-1537

NVD MITRE CVE

Source Attribution

Originally published by CISA KEV on May 20, 2026. Verified by: CISA.

Related Threats

LOWVulnerability

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor authentication (2FA)

3h agoThe Hacker News

MEDIUMVulnerability

Alberto Daniel Hill’s Cybermidnight Coverage of the Latin American Digital Sovereignty Crisis (March–June 2026)

Alberto Daniel Hill’s report is a must-read for anyone who wants to begin to understand what is going on in Argentina, Uruguay, and Mexico with respect to digital security. One of the many limitations of being a solo blogger is that there are entire areas of the world or sectors I basically know nothing about... Source

7h agoDataBreaches.net

MEDIUMVulnerability

Why Firms Struggle With Vendor Security After They Sign

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/healthcare-firms-struggle-ongoing-vendor-oversight-image_small-9-a-31826.jpg" align=right hspace=4><b>Study: Monitoring Vendor Risk Remains Much Harder Than Onboarding Third Parties</b><br>Healthcare organizations are getting better vetting third-party vendors, including suppliers of medical devices, software and other products. B

8h agoBank Info Security