The folks at LSD have come out with a “proof of concept” code that will cause the victim computer to re-boot if they are running the messenger service...as if ads weren't bad enough. While most of us have disabled this service a long time ago there will be many who have not.

From the remarks:

/*

DoS Proof of Concept for MS03-043 - exploitation shouldn't be too hard.
Launching it one or two times against the target should make the
machine reboot. Tested against a Win2K SP4.

"The vulnerability results because the Messenger Service does not
properly validate the length of a message before passing it to the allocated
buffer" according to MS bulletin. Digging into it a bit more, we find that when
a character 0x14 in encountered in the 'body' part of the message, it is
replaced by a CR+LF. The buffer allocated for this operation is twice the size
of the string, which is the way to go, but is then copied to a buffer which
was only allocated 11CAh bytes. Thanks to that, we can bypass the length checks
and overflow the fixed size buffer.

Credits go to LSD

*/