Intel Name: Information stealer masquerades as ldapnightmare (cve-2024-49113) poc exploit
Date of Scan: January 10, 2025
Impact: Medium
Summary: In December 2024, two critical vulnerabilities in Microsoft’s Windows LDAP were addressed, including CVE-2024-49113, a denial-of-service (DoS) vulnerability. A fake proof-of-concept (PoC) exploit for CVE-2024-49113, known as LDAPNightmare, has been used to lure security researchers into downloading and executing information-stealing malware. While using PoC lures for malware delivery is not new, this attack is concerning due to its exploitation of a widely impactful issue, increasing the risk of a larger number of victims.