CVE-2009-2544
Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
Vulnerabilidad de salto de directorio en el componente Marcelo Costa FileServer v1.0 para Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) permite a usuarios autenticados remotamente listar directorios de su elección y leer ficheros de su elección al utilizar .. (punto punto) en la ruta del fichero.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-07-09 First Exploit
- 2009-07-20 CVE Reserved
- 2009-07-20 CVE Published
- 2024-02-28 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9093 | 2009-07-09 | |
| http://www.exploit-db.com/exploits/9093 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Marcelo Costa Search vendor "Marcelo Costa" | Fileserver Search vendor "Marcelo Costa" for product "Fileserver" | 1.0 Search vendor "Marcelo Costa" for product "Fileserver" and version "1.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Messenger Plus\! Live Search vendor "Microsoft" for product "Messenger Plus\! Live" | * | - |
Safe
|
| Marcelo Costa Search vendor "Marcelo Costa" | Fileserver Search vendor "Marcelo Costa" for product "Fileserver" | 1.0 Search vendor "Marcelo Costa" for product "Fileserver" and version "1.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Live Messenger Search vendor "Microsoft" for product "Windows Live Messenger" | * | - |
Safe
|