MSRPC LSASS Buffer Overflow exploit

This module exploits a stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows. The flaw allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. The service is accessible via TCP ports 139 and 445. When the target system is Windows 2000, the Advanced Parameter DCERPC_MAX_FRAGMENT can't be larger than 4256; otherwise the exploit will not work. For Windows XP boxes there is no apparent limit on this parameter; in this case the exploit works even if fragmentation is disabled (-1).