CVE-2017-8360
MEDIUMConexant mictray64 < 1.0.0.46 - Unauthenticated Exposure of Sensitive Information via Debug Messages and Log File
Title source: llmDescription
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
References (3)
Core 3
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038527
Exploit, Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
Scores
CVSS v3
5.5
EPSS
0.0052
EPSS Percentile
40.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
conexant/mictray64
< 1.0.0.46
Published
May 12, 2017
Tracked Since
Feb 18, 2026