CVE-2017-8360

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:conexant:mictray64:*:*:*:*:*:*:*:*
OR cpe:2.3:h:hp:elite_x2_1012_g1:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_1030_g1:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_725_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_745_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_755_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_820_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_828_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_840_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_848_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_850_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_folio_1040_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_folio_g1:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_430_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_440_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_446_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_450_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_455_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_470_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_640_g2:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_645_g2:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_650_g2:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_655_g2:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_15_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_15u_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_17_g3:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:33

Type Values Removed Values Added
References () http://www.securitytracker.com/id/1038527 - () http://www.securitytracker.com/id/1038527 -
References () https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt - Exploit, Mitigation, Technical Description, Third Party Advisory () https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt - Exploit, Mitigation, Technical Description, Third Party Advisory
References () https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html - Exploit, Technical Description, Third Party Advisory () https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html - Exploit, Technical Description, Third Party Advisory

Information

Published : 2017-05-12 07:29

Updated : 2024-11-21 03:33


NVD link : CVE-2017-8360

Mitre link : CVE-2017-8360

CVE.ORG link : CVE-2017-8360


JSON object : View

Products Affected

hp

  • zbook_15_g3
  • probook_446_g3
  • probook_650_g2
  • elite_x2_1012_g1
  • probook_470_g3
  • probook_455_g3
  • probook_430_g3
  • probook_645_g2
  • elitebook_745_g3
  • elitebook_848_g3
  • probook_655_g2
  • elitebook_840_g3
  • probook_440_g3
  • elitebook_828_g3
  • elitebook_725_g3
  • zbook_studio_g3
  • elitebook_folio_1040_g3
  • elitebook_1030_g1
  • elitebook_folio_g1
  • elitebook_820_g3
  • probook_450_g3
  • zbook_15u_g3
  • zbook_17_g3
  • probook_640_g2
  • elitebook_850_g3
  • elitebook_755_g3

conexant

  • mictray64

microsoft

  • windows_7
  • windows_10
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor