A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware.
January 13, 2025 By Ionut Arghire
Threat actors are distributing information stealer malware masquerading as proof-of-concept (PoC) exploit code targeting a recent Windows Lightweight Directory Access Protocol (LDAP) vulnerability.
Tracked as CVE-2024-49113 (CVSS score of 7.5), the security defect leads to denial of service (DoS) and was addressed on December 10 along with more than 70 other flaws, including a critical LDAP bug (CVE-2024-49112) that could lead to remote code execution (RCE).
Less than a month after patches were rolled out for the two issues, SafeBreach published PoC code targeting CVE-2024-49113, saying that it should be considered as important as the RCE flaw.
According to SafeBreach, which refers to CVE-2024-49113 as LDAPNightmare, the vulnerability can be abused to crash any unpatched Windows server, even those that are not Domain Controllers, if there is an internet-accessible DNS server.