Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Local Privilege Escalation via MSI Installer (sec-consult.com)
20 points by trustinmenowpls on Sept 12, 2024 | hide | past | favorite | 6 comments


This is way too broad of a title.

Title taken from their page:

> Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

I despise click bait.


I totally agree that appending in SoftMaker Office to the title does change the meaning dramatically. it narrows down the vulnerability to a specific product that uses the MSI installer but not the MSI as a technology.


It was probably shortened by HN automatically, but submitter should ideally have made efforts to improve it.


I tried to submit a story with a lengthy title a couple of days ago and HN refused to accept it until I'd cut it down. So it's probably the submitter's doing.


For reference, the max length of the title is 80 characters.


A lot of these types of exploits are out there because of the ability to run elevated (system) custom actions in the MSI.

It is part of why MSFT says to vendors "Switch to MsiX".




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: