
Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability


Jasper_The_Rasper
Moderator

Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.

January 3, 2025 By Ionut Arghire

SafeBreach has published proof-of-concept (PoC) exploit code targeting a recently resolved denial-of-service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP).

The issue, tracked as CVE-2024-49113 (CVSS score of 7.5), was patched on December 10 along with a critical remote code execution (RCE) flaw in LDAP (CVE-2024-49112, CVSS score of 9.8).

Neither of the defects has been marked as exploited, but Microsoft warned that the RCE bug could allow unauthenticated attackers to execute arbitrary code using crafted LDAP calls, urging administrators to disconnect Domain Controllers from the internet to mitigate exposure.

>>Full Article<<

2 replies

TylerM
Administrator
  • Sr. Security Analyst & Community Manager
  • 1275 replies
  • January 3, 2025

I’m moving these to Vulnerability vault (just created) inside the Threat Intel Hub :)

https://community.opentextcybersecurity.com/p/ThreatIntelHub


Jasper_The_Rasper
Moderator

Thank you @TylerM I will go and take a look

