CVE-2024-49112

CRITICAL

Windows LDAP - Remote Code Execution via Integer Overflow

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-49112. PoCs published by tnkr, bo0l3an, CCIEVoice2009.

Description

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Exploits (4)

nomisec SCANNER 14 stars
by tnkr · poc
https://github.com/tnkr/poc_monitor

This repository contains a Python script that monitors Google search results for new PoCs related to CVE-2024-49112. It uses the Google Custom Search JSON API to fetch results and alerts via Discord webhooks when new content is found.

Classification: Scanner 100%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Google Custom Search JSON API
Auth required
Prerequisites: Google API key · Google Search Engine ID · Discord webhook URL
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS 10 stars
by bo0l3an · poc
https://github.com/bo0l3an/CVE-2024-49112-PoC

The repository claims to contain a PoC for CVE-2024-49112 but only provides vague descriptions and external download links (bit.ly) instead of actual exploit code. The README lacks technical details and focuses on monetization.

Classification: Suspicious 95%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: Windows LDAP Service
No auth needed
Prerequisites: Vulnerable Windows LDAP Service
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 3 stars
by CCIEVoice2009 · poc
https://github.com/CCIEVoice2009/CVE-2024-49112

This repository contains a functional exploit for CVE-2024-49112, a critical vulnerability in Windows LDAP client. The exploit triggers a crash in the target system by leveraging the Netlogon Remote Protocol (NRPC) and a malicious LDAP server.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows LDAP client (specific versions not specified)
No auth needed
Prerequisites: Attacker-controlled domain with specific DNS SRV records · Network access to the target system
devstral-2 · analyzed Feb 18, 2026

inthewild WORKING POC
poc
https://github.com/safebreach-labs/cve-2024-49112

This repository contains a functional exploit for CVE-2024-49113, a critical vulnerability in Windows LDAP client. The exploit leverages the Netlogon Remote Protocol (NRPC) to trigger a crash on target Windows Server systems by sending a crafted LDAP response with a referral.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows LDAP client (specific versions not specified)
No auth needed
Prerequisites: Attacker-controlled domain with specific DNS SRV records · Network connectivity to target · Python environment with required dependencies
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3 9.8
EPSS 0.8780
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-190
Status published
Products (42)
Microsoft/Windows 10 Version 1507 10.0.10240.0 - 10.0.10240.20857
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.7606
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.6659
Microsoft/Windows 10 Version 21H2 10.0.19043.0 - 10.0.19044.5247
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.5247
Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.4602
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.4602
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.4602
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.2605
Microsoft/Windows Server 2008 Service Pack 2 6.0.6003.0 - 6.0.6003.23016
... and 32 more
Published Dec 12, 2024
Tracked Since Feb 18, 2026