Techly NewsGet the app

Get the latest tech news

Local Privilege Escalation via MSI Installer


The MSI installers of SoftMaker Office and FreeOffice (SoftMaker) contained a privilege escalation vulnerability. This enabled a local, low-privileged attacker with GUI access to a system, where SoftMaker Office or FreeOffice are installed via MSI, to escalate the privileges to SYSTEM level.

" SoftMaker Office makes working with documents, spreadsheets and presentations a breeze – whether you're on Windows, Linux, Mac, iOS or Android." The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. Afterwards, any low-privileged user can start the repair of the software by double-clicking the installer and trigger the vulnerable actions without a UAC popup.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of msi installer

msi installer

« FDA Approves Apple AirPods As Hearing Aids
I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook »