Affected configuration(s):


Date published: 2017-09-14T02:29:03.483-04:00

Date last modified: 2017-09-27T14:07:27.887-04:00

CVSS Score: 7.2

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL:

Summary: GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the “C:GST Offline Tool” directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.