CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence: Low
EPSS
Percentile: 99.6%
Added: 11/27/2006
CVE: CVE-2006-4691
BID: 20985
OSVDB: 30263
The Windows Workstation service routes network requests for file or printer resources.
A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain join request causes communication with a malicious domain controller.
Install the patch referenced in Microsoft Security Bulletin 06-070.
http://www.kb.cert.org/vuls/id/778036
http://archives.neohapsis.com/archives/bugtraq/2006-11/0245.html
Exploit works on Windows 2000 Service Pack 4. The SAINTexploit host must be able to bind to ports 53/UDP and 389/UDP.
Exploit requires the target to be configured to use the SAINTexploit host as its DNS server. Since this situation is unlikely to exist in the real world, this exploit is probably more useful as a proof of concept than a penetration test.
Windows