8 comments

[ 3.2 ms ] story [ 28.4 ms ] thread
This is way too broad of a title.

Title taken from their page:

> Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

I despise click bait.

It was probably shortened by HN automatically, but submitter should ideally have made efforts to improve it.
I tried to submit a story with a lengthy title a couple of days ago and HN refused to accept it until I'd cut it down. So it's probably the submitter's doing.
For reference, the max length of the title is 80 characters.
I totally agree that appending in SoftMaker Office to the title does change the meaning dramatically. it narrows down the vulnerability to a specific product that uses the MSI installer but not the MSI as a technology.
(comment deleted)
(comment deleted)
A lot of these types of exploits are out there because of the ability to run elevated (system) custom actions in the MSI.

It is part of why MSFT says to vendors "Switch to MsiX".