This Metasploit module exploits a stack overflow in the LSASS service, this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need need to run this module twice. DCERPC request fragmentation can be performed by setting 'FragSize' parameter.
d1baeef5ba6b111771fa5d96efb4b64cd26d7afcd05bc41178efc9a7b7a52d22