Vulnerability Details CVE-2017-8360
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://www.securitytracker.com/id/1038527
- https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
- https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
- http://www.securitytracker.com/id/1038527
- https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
- https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Products affected by CVE-2017-8360
-
cpe:2.3:a:conexant:mictray64:1.0.0.46
-
cpe:2.3:h:hp:elite_x2_1012_g1:-
-
cpe:2.3:h:hp:elitebook_1030_g1:-
-
cpe:2.3:h:hp:elitebook_725_g3:-
-
cpe:2.3:h:hp:elitebook_745_g3:-
-
cpe:2.3:h:hp:elitebook_755_g3:-
-
cpe:2.3:h:hp:elitebook_820_g3:-
-
cpe:2.3:h:hp:elitebook_828_g3:-
-
cpe:2.3:h:hp:elitebook_840_g3:-
-
cpe:2.3:h:hp:elitebook_848_g3:-
-
cpe:2.3:h:hp:elitebook_850_g3:-
-
cpe:2.3:h:hp:elitebook_folio_1040_g3:-
-
cpe:2.3:h:hp:elitebook_folio_g1:-
-
cpe:2.3:h:hp:probook_430_g3:-
-
cpe:2.3:h:hp:probook_440_g3:-
-
cpe:2.3:h:hp:probook_446_g3:-
-
cpe:2.3:h:hp:probook_450_g3:-
-
cpe:2.3:h:hp:probook_455_g3:-
-
cpe:2.3:h:hp:probook_470_g3:-
-
cpe:2.3:h:hp:probook_640_g2:-
-
cpe:2.3:h:hp:probook_645_g2:-
-
cpe:2.3:h:hp:probook_650_g2:-
-
cpe:2.3:h:hp:probook_655_g2:-
-
cpe:2.3:h:hp:zbook_15_g3:-
-
cpe:2.3:h:hp:zbook_15u_g3:-
-
cpe:2.3:h:hp:zbook_17_g3:-
-
cpe:2.3:h:hp:zbook_studio_g3:-
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_10:1511
-
cpe:2.3:o:microsoft:windows_10:1607
-
cpe:2.3:o:microsoft:windows_10:1703
-
cpe:2.3:o:microsoft:windows_10:1709
-
cpe:2.3:o:microsoft:windows_10:1803
-
cpe:2.3:o:microsoft:windows_10:1809
-
cpe:2.3:o:microsoft:windows_10:1903
-
cpe:2.3:o:microsoft:windows_10:1909
-
cpe:2.3:o:microsoft:windows_10:2004
-
cpe:2.3:o:microsoft:windows_10:2019
-
cpe:2.3:o:microsoft:windows_10:20h2
-
cpe:2.3:o:microsoft:windows_10:21h1
-
cpe:2.3:o:microsoft:windows_10:21h2
-
cpe:2.3:o:microsoft:windows_10:22h2
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_7:sp1