A
vulnerability has been identified in Microsoft Windows, which could be
exploited by remote attackers to take complete control of an affected
system. This flaw is due to a buffer overflow error in the Workstation
service when processing a malformed "Hostname" argument via the
"NetpManageIPCConnect()" function called by "NetrJoinDomain2()", which
could be exploited by attackers to cause a denial of service or execute
arbitrary commands by sending a specially crafted message to a
vulnerable system.
Note : Microsoft Windows 2000 systems are primarily at risk. On Windows
XP Service Pack 2 the vulnerability could only be exploited by local
attackers.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Solution
Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS06-070.mspx