Yes it is possible to create a user remotely through the File Sharing service.
Option 1. Use an exploit that matches the computer with the hole.
Option 2. If no public exploit exists, find a way to exploit the service yourself.
Option 3. Includes no exploiting. If the appropriate files are shared, you could have some backdoor execute at boot.