Multiple vulnerabilities in Microsoft Windows Lightweight Directory Access Protocol (LDAP)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-49121 CVE-2024-49127 CVE-2024-49112 CVE-2024-49113 |
| CWE-ID | CWE-476 CWE-416 CWE-190 CWE-125 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU101412
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-49121
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Windows Lightweight Directory Access Protocol (LDAP). A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before 10 21H2 10.0.19044.5247, 10 22H2 10.0.19045.5247, 10 1507 10.0.10240.20857, 10 1607 10.0.14393.7606, 10 1809 10.0.17763.6659, 11 22H2 10.0.22621.4602, 11 23H2 10.0.22631.4602, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247
Windows Server: before 2008 R2 6.1.7601.27467, 2008 6.0.6003.23016, 2012 R2 6.3.9600.22318, 2012 6.2.9200.25222, 2016 10.0.14393.7606, 2022 10.0.20348.2908, 2022 10.0.20348.2966, 2022 23H2 10.0.25398.1308, 2025 10.0.26100.2528, 2025 10.0.26100.2605, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49121
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU101415
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49127
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Windows Lightweight Directory Access Protocol (LDAP). A remote attacker can win a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before 10 21H2 10.0.19044.5247, 10 22H2 10.0.19045.5247, 10 1507 10.0.10240.20857, 10 1607 10.0.14393.7606, 10 1809 10.0.17763.6659, 11 22H2 10.0.22621.4602, 11 23H2 10.0.22631.4602, 11 24H2 10.0.26100.2528, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247
Windows Server: before 2008 R2 6.1.7601.27467, 2008 6.0.6003.23016, 2012 R2 6.3.9600.22318, 2012 6.2.9200.25222, 2016 10.0.14393.7606, 2022 10.0.20348.2908, 2022 10.0.20348.2966, 2022 23H2 10.0.25398.1308, 2025 10.0.26100.2528, 2025 10.0.26100.2605, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467
CPE2.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49127
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU101414
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-49112
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Windows Lightweight Directory Access Protocol (LDAP). A remote attacker can use a specially crafted set of LDAP calls, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before 10 21H2 10.0.19044.5247, 10 22H2 10.0.19045.5247, 10 1507 10.0.10240.20857, 10 1607 10.0.14393.7606, 10 1809 10.0.17763.6659, 11 22H2 10.0.22621.4602, 11 23H2 10.0.22631.4602, 11 24H2 10.0.26100.2528, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247
Windows Server: before 2008 R2 6.1.7601.27467, 2008 6.0.6003.23016, 2012 R2 6.3.9600.22318, 2012 6.2.9200.25222, 2016 10.0.14393.7606, 2022 10.0.20348.2908, 2022 10.0.20348.2966, 2022 23H2 10.0.25398.1308, 2025 10.0.26100.2528, 2025 10.0.26100.2605, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467
CPE2.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49112
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Out-of-bounds read
EUVDB-ID: #VU101413
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-49113
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Windows Lightweight Directory Access Protocol (LDAP). A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before 10 21H2 10.0.19044.5247, 10 22H2 10.0.19045.5247, 10 1507 10.0.10240.20857, 10 1607 10.0.14393.7606, 10 1809 10.0.17763.6659, 11 22H2 10.0.22621.4602, 11 23H2 10.0.22631.4602, 11 24H2 10.0.26100.2528, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247, 10 21H2 10.0.19044.5247
Windows Server: before 2008 R2 6.1.7601.27467, 2008 6.0.6003.23016, 2012 R2 6.3.9600.22318, 2012 6.2.9200.25222, 2016 10.0.14393.7606, 2022 10.0.20348.2908, 2022 10.0.20348.2966, 2022 23H2 10.0.25398.1308, 2025 10.0.26100.2528, 2025 10.0.26100.2605, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467, 2008 R2 6.1.7601.27467
CPE2.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49113
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
