CVE-2009-2544

Marcelo Costa FileServer <1.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2544. PoCs published by joepie91.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Windows Live Messenger Plus! FileServer 1.0, allowing unauthorized access to files outside the intended shared directory via the '!cd' command with '../' sequences.

Description

Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.

Exploits (1)

exploitdb WRITEUP VERIFIED

by joepie91 · textremotewindows

https://www.exploit-db.com/exploits/9093

View Code ZIP pw:eip

This is a writeup describing a directory traversal vulnerability in Windows Live Messenger Plus! FileServer 1.0, allowing unauthorized access to files outside the intended shared directory via the '!cd' command with '../' sequences.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Windows Live Messenger Plus! FileServer 1.0

Auth required

Prerequisites: Valid credentials for the FileServer script · Access to the FileServer via Windows Live Messenger Plus!

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9093

Scores

EPSS 0.0223

EPSS Percentile 84.7%

Details

CWE

CWE-22

Status published

Products (1)

marcelo_costa/fileserver 1.0

Published Jul 20, 2009

Tracked Since Feb 18, 2026