The Windows Workstation service routes network requests for file or printer resources.
A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain join request causes communication with a malicious domain controller.
Install the patch referenced in Microsoft Security Bulletin 06-070.
Exploit works on Windows 2000 Service Pack 4. The SAINTexploit host must be able to bind to ports 53/UDP and 389/UDP.
Exploit requires the target to be configured to use the SAINTexploit host as its DNS server. Since this situation is unlikely to exist in the real world, this exploit is probably more useful as a proof of concept than a penetration test.