India Goods and Services Tax Network (GSTN) Offline Utility Elevation of Privilege Vulnerability

A security vulnerability exists in GSTNofflinetool in the India Goods and Services Tax Network GSTN Offline Utility tool prior to version 1.2. A local attacker can exploit this vulnerability by replacing winstart-server.vbs with arbitrary VBScript code to gain privileges...

CVE-2017-13779

GSTN_offline_tool (GSTN Offline Utility) prior to version 1.2 stores winstart-server.vbs in C:\GST Offline Tool with insecure permissions, enabling local privilege escalation by replacing the VBScript with arbitrary code (e.g., a reverse shell). Affected: GSTN Offline Utility before 1.2. Root cau...

CVE-2017-13779

GSTNofflinetool in India Goods and Services Tax Network GSTN Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript...