Windows Workstation service NetpManageIPCConnect buffer overflow

Added: 11/27/2006
CVE: CVE-2006-4691
BID: 20985
OSVDB: 30263

Background

The Windows Workstation service routes network requests for file or printer resources.

Problem

A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain join request causes communication with a malicious domain controller.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-070.

References

http://www.kb.cert.org/vuls/id/778036
http://archives.neohapsis.com/archives/bugtraq/2006-11/0245.html

Limitations

Exploit works on Windows 2000 Service Pack 4. The SAINTexploit host must be able to bind to ports 53/UDP and 389/UDP.

Exploit requires the target to be configured to use the SAINTexploit host as its DNS server. Since this situation is unlikely to exist in the real world, this exploit is probably more useful as a proof of concept than a penetration test.

Platforms

Windows

Back to exploit index