CVE-2017-13779

Name of the Vulnerable Software and Affected Versions GSTN offline tool versions prior to 1.2

Description The issue allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code, due to insecure permissions in the "C:GST Offline Tool" directory. This can be exploited to create a TCP reverse shell for Remote Command Execution.

Recommendations For versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the winstart-server.vbs file in the "C:GST Offline Tool" directory to prevent local users from replacing it with malicious code.