Malformed DCOM __RemoteGetClassObject request causes RPC mapper service to crash. After RPC crashes, it's possible for local attacker to hijack epmapper pipe and impersonate local system.
vulners.com/securityvulns/securityvulns:doc:4880
vulners.com/securityvulns/securityvulns:doc:4899