MS08-033 Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as critical and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file. http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated critical and has been updated to reflect DirectX 9.0 and 9.0a as affected software. This vulnerability can be exploited through a specially crafted media file via streaming. http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
