CVE-2017-16003

Name of the Vulnerable Software and Affected Versions: windows-build-tools versions prior to 1.0.0

Description: The issue concerns the insecure download of resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. If an attacker is positioned on the network or between the user and the remote server, they may swap the requested resources with an attacker-controlled copy, potentially leading to remote code execution (RCE). This can occur when an attacker intercepts the response and replaces the executable with a malicious one, resulting in code execution on the system running the affected software.

Recommendations: Update to version 1.0.0 or later.