Vulnerability CVE-2017-8360


Published: 2017-05-12   Modified: 2017-05-19

Description:
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Vendor: Conexant
Product: Mictray64 
Version: 1.0.0.46;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

Copyright 2017, cxsecurity.com