I don't know if anybody has heard of the RPC / DCOM exploit for Win2k and WinXP, but it's pretty nasty. A simple .exe will give a full shell, or dos prompt, to the host with merely the target IP and OS type (XP or 2k).

I strongly advise that everybody running XP or 2K out there run Windows Update, there is a patch for this exploit. Patch Info

Again, this is some nasty sh*t and a pretty bad exploit. Be advised.