2025-02-23 01:13:51 Pacfic
Windows LDAP RCE Vulnerability Exploit Released - 19d
A critical remote code execution vulnerability, identified as CVE-2024-49112, has been discovered in Windows LDAP. A proof of concept (PoC) exploit has now been released, demonstrating how an attacker can exploit unpatched Domain Controllers. The vulnerability is triggered by a malicious LDAP request which causes memory corruption and allows for remote code execution, without any user interaction making it a zero click exploit. The exploit leverages a flaw within the wldap32.dll library, a core component of the LDAP client.
SafeBreach Labs researchers have developed this PoC which causes unpatched Windows Servers to crash. The attack involves the victim server sending a DNS query to a domain controlled by the attacker. The attacker's DNS server responds, directing the victim to send an LDAP request to the attacker's machine. By manipulating the length field of a specific value within a crafted LDAP response packet, a null pointer dereference is triggered leading to a crash and potentially allowing remote code execution. This vulnerability poses a significant threat, especially to Active Directory Domain Controllers, which are critical for network security.
ImgSrc: ciso2ciso.com
References:
- ciso2ciso.com - LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112 – Source: securityboulevard.com - 20d
- gbhackers.com - PoC Exploit Released For Critical Windows LDAP RCE Vulnerability - 20d
- @adulau - CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. - 20d
- ciso2ciso.com - CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers – Source: socprime.com -2024-49112 - 19d
- The Hacker News - LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers - 19d
- @jos1264 - CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers – Source: socprime.com -2024-49112 - 19d
- Security Archives - Security Affairs - LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113 - 19d
- @kubikpixel - LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers - 19d
- ciso2ciso.com - LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113 – Source: securityaffairs.com -2024-49113 - 18d
- CISO2CISO.COM & CYBER SECURITY GROUP - LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113 – Source: securityaffairs.com - 18d
- @jos1264 - LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113 – Source: securityaffairs.com - 18d
- News | CSO Online - Critical Windows LDAP flaw could lead to crashed servers, RCE attacks - 18d
- www.safebreach.com - Researchers have published a proof-of-concept exploit for a pair of Windows Lightweight Directory Access Protocol (LDAP) flaws that could lead to server crashes or remote code execution (RCE) on Windo - 18d
Classification:
- HashTags: WindowsLDAP RCE CVE-2024-49112
- Company: Microsoft
- Target: Windows Domain Controllers
- Product: Windows Server
- Feature: LDAP
- Type: Vulnerability
- Severity: Disaster