>> Microsoft Windows Workstation Service Remote Code Execution Vulnerability (MS06-070)
Title : Microsoft Windows Workstation Service Remote Code Execution Vulnerability (MS06-070) VUPEN ID : VUPEN/ADV-2006-4508 CVE ID : CVE-2006-4691
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-11-14
Technical Description
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the Workstation service when processing a malformed "Hostname" argument via the "NetpManageIPCConnect()" function called by "NetrJoinDomain2()", which could be exploited by attackers to cause a denial of service or execute arbitrary commands by sending a specially crafted message to a vulnerable system.
Note : Microsoft Windows 2000 systems are primarily at risk. On Windows XP Service Pack 2 the vulnerability could only be exploited by local attackers.
