Date published: 2017-09-14T02:29:03.483-04:00
Date last modified: 2017-09-27T14:07:27.887-04:00
CVSS Score: 7.2
Principal attack vector: LOCAL
Reference URL: https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html
Summary: GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the “C:GST Offline Tool” directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.