Windows Workstation service NetpManageIPCConnect buffer overflow

2006-11-27T00:00:00
ID SAINT:DF1400C076ECDD3EB321890E6B3218A4
Type saint
Reporter SAINT Corporation
Modified 2006-11-27T00:00:00

Description

Added: 11/27/2006
CVE: CVE-2006-4691
BID: 20985
OSVDB: 30263

Background

The Windows Workstation service routes network requests for file or printer resources.

Problem

A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain join request causes communication with a malicious domain controller.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-070.

References

<http://www.kb.cert.org/vuls/id/778036>
<http://archives.neohapsis.com/archives/bugtraq/2006-11/0245.html>

Limitations

Exploit works on Windows 2000 Service Pack 4. The SAINTexploit host must be able to bind to ports 53/UDP and 389/UDP.

Exploit requires the target to be configured to use the SAINTexploit host as its DNS server. Since this situation is unlikely to exist in the real world, this exploit is probably more useful as a proof of concept than a penetration test.

Platforms

Windows