
Proof-of-Concept Exploit Released for Vulnerability CVE-2024-49113 in Microsoft Windows LDAP

Security researchers have published a PoC for DoS vulnerability CVE-2024-49113 and additional information on their attempts to exploit RCE vulnerability CVE-2024-49112




Affected platforms

The following platforms are known to be affected:

Threat details

Proof-of-concept exploit released for CVE-2024-49113 and attempts to weaponise CVE-2024-49112

Security researchers have released a proof-of-concept (PoC) exploit for the vulnerability known as CVE-2024-49113. Additionally, the researchers detailed their efforts to produce a PoC for CVE-2024-49112.

NHS England National CSOC considers exploitation of these vulnerabilities to be more likely.


Introduction

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-49113, which is a denial-of-service (DoS) vulnerability in the Microsoft Windows Lightweight Directory Access Protocol (LDAP). The PoC can reportedly be used by a remote attacker to crash any Windows Server, creating a DoS condition.

Additionally, the researchers have described technical details about their attempts to create a PoC for LDAP remote code execution (RCE) vulnerability CVE-2024-49112.



Vulnerability details

  • CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2024-49112 is a remote code execution vulnerability in Windows and Windows Server with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code within the context of the LDAP service by sending a specially crafted set of LDAP calls.

  • CVE-2024-49113 - Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2024-49113 is a denial-of-service (DoS) vulnerability in Windows and Windows Server with a CVSSv3 score of 7.5. An unauthenticated, remote attacker could exploit this vulnerability to create a denial-of-service condition.

Security updates remediating these vulnerabilities were included in the December 2024 release

CVE-2024-49112 and CVE-2024-49113 were both remediated in Microsoft's December 2024 Security Updates.


Remediation advice

Affected organisations are encouraged to review Microsoft's security advisories for CVE-2024-49112 and CVE-2024-49113 and apply the relevant updates as soon as practicable.



Last edited: 3 January 2025 1:29 pm