CVE-2017-8360

CVE	CVE-2017-8360
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-05-12 07:29:00 UTC
Updated	2025-04-20 01:37:25 UTC
Description	Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Primary CVSS: v3.0 5.5 MEDIUM from [email protected]

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types: CWE-200 | n/a

Version	Source	Type	Score	Severity	Vector
3.0	[email protected]	Primary	5.5	MEDIUM	`CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`
2.0	[email protected]	Primary	2.1		`AV:L/AC:L/Au:N/C:P/I:N/A:N`

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Type	Vendor	Product	Version	Update	Edition	Language
Application	Conexant	Mictray64	All	All	All	All
Hardware	Hp	Elitebook 1030 G1	-	All	All	All
Hardware	Hp	Elitebook 725 G3	-	All	All	All
Hardware	Hp	Elitebook 745 G3	-	All	All	All
Hardware	Hp	Elitebook 755 G3	-	All	All	All
Hardware	Hp	Elitebook 820 G3	-	All	All	All
Hardware	Hp	Elitebook 828 G3	-	All	All	All
Hardware	Hp	Elitebook 840 G3	-	All	All	All
Hardware	Hp	Elitebook 848 G3	-	All	All	All
Hardware	Hp	Elitebook 850 G3	-	All	All	All
Hardware	Hp	Elitebook Folio 1040 G3	-	All	All	All
Hardware	Hp	Elitebook Folio G1	-	All	All	All
Hardware	Hp	Elite X2 1012 G1	-	All	All	All
Hardware	Hp	Probook 430 G3	-	All	All	All
Hardware	Hp	Probook 440 G3	-	All	All	All
Hardware	Hp	Probook 446 G3	-	All	All	All
Hardware	Hp	Probook 450 G3	-	All	All	All
Hardware	Hp	Probook 455 G3	-	All	All	All
Hardware	Hp	Probook 470 G3	-	All	All	All
Hardware	Hp	Probook 640 G2	-	All	All	All
Hardware	Hp	Probook 645 G2	-	All	All	All
Hardware	Hp	Probook 650 G2	-	All	All	All
Hardware	Hp	Probook 655 G2	-	All	All	All
Hardware	Hp	Zbook 15u G3	-	All	All	All
Hardware	Hp	Zbook 15 G3	-	All	All	All
Hardware	Hp	Zbook 17 G3	-	All	All	All
Hardware	Hp	Zbook Studio G3	-	All	All	All
Operating System	Microsoft	Windows 10	All	All	All	All
Operating System	Microsoft	Windows 7	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

Reference	Source	Link	Tags
www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt	af854a3a-2127-422b-91ae-364da2661108	www.modzero.ch	Exploit, Mitigation, Technical Description, Third Party Advisory
HP Computer Conexant HD Audio Driver Debug Keylogger Code Lets Local Users Obtain Keyboard Keystrokes - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
[EN] Keylogger in Hewlett-Packard Audio Driver \| mod%log	af854a3a-2127-422b-91ae-364da2661108	www.modzero.ch	Exploit, Technical Description, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.