All the vulnerabilites related to conexant - mictray64
cve-2017-8360
Vulnerability from cvelistv5
Published
2017-05-12 06:54
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1038527 | vdb-entry, x_refsource_SECTRACK | |
| https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"
},
{
"name": "1038527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038527"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\\Users\\Public\\MicTray.log by any process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"
},
{
"name": "1038527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038527"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\\Users\\Public\\MicTray.log by any process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html",
"refsource": "MISC",
"url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"
},
{
"name": "1038527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038527"
},
{
"name": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt",
"refsource": "MISC",
"url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8360",
"datePublished": "2017-05-12T06:54:00",
"dateReserved": "2017-04-30T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-05-12 07:29
Modified
2024-11-21 03:33
Severity ?
Summary
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1038527 | ||
| cve@mitre.org | https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt | Exploit, Mitigation, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038527 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt | Exploit, Mitigation, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| conexant | mictray64 | * | |
| hp | elite_x2_1012_g1 | - | |
| hp | elitebook_1030_g1 | - | |
| hp | elitebook_725_g3 | - | |
| hp | elitebook_745_g3 | - | |
| hp | elitebook_755_g3 | - | |
| hp | elitebook_820_g3 | - | |
| hp | elitebook_828_g3 | - | |
| hp | elitebook_840_g3 | - | |
| hp | elitebook_848_g3 | - | |
| hp | elitebook_850_g3 | - | |
| hp | elitebook_folio_1040_g3 | - | |
| hp | elitebook_folio_g1 | - | |
| hp | probook_430_g3 | - | |
| hp | probook_440_g3 | - | |
| hp | probook_446_g3 | - | |
| hp | probook_450_g3 | - | |
| hp | probook_455_g3 | - | |
| hp | probook_470_g3 | - | |
| hp | probook_640_g2 | - | |
| hp | probook_645_g2 | - | |
| hp | probook_650_g2 | - | |
| hp | probook_655_g2 | - | |
| hp | zbook_15_g3 | - | |
| hp | zbook_15u_g3 | - | |
| hp | zbook_17_g3 | - | |
| hp | zbook_studio_g3 | - | |
| microsoft | windows_10 | * | |
| microsoft | windows_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:conexant:mictray64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B82B26-35F7-4580-83C3-8961F3267232",
"versionEndIncluding": "1.0.0.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:elite_x2_1012_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0160130B-8BCB-41A6-A7A5-B03A5083EF11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_1030_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A39EC7-86EE-458D-8743-7E139E28C18A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_725_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DBD4012-6ABA-4EC5-8CE5-4BA947D660FD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_745_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "056188C4-E214-4C71-8D84-5B7FF34146D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_755_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A69E93D-B289-4777-BDD0-B4AAA62441DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_820_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD06E7E-045C-4A57-9197-1B12F686514C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_828_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAA1D9A-0191-4113-9A64-F7859E95870D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_840_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A67B506C-A2CD-4B4B-81C9-AB03B9164EFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_848_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFE7CE8-7270-4E92-A659-D2B842604E83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_850_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17B61731-7ADD-4CB5-AE0D-0DA1D6C9C000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_folio_1040_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB7C8C9-7CF2-4EE3-8BD3-0A9573DDFB61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:elitebook_folio_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A855CCBF-BA02-426E-A645-B8B43F34F26D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_430_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1197F876-9F8E-4311-9D55-683BCDFA1BAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_440_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC8772B-7770-40FF-A45E-65D55EF53335",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_446_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "772EA71F-0A1F-4D96-A3CE-72F685FEDA0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_450_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "887F7997-005D-4BCB-B607-AC0295B4A3D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_455_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4463B3F-3B8E-40E0-94E1-9CB1F2D342C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_470_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "569E785F-531A-47E8-ABD9-C5B6325E5AB5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_640_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61C10BE5-F877-4E67-A05A-975D3127303D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_645_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11D94E4D-69E9-4B7A-8AD5-D84E0D88783F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_650_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "916C65AC-F54E-4C1D-8BC1-357E6C066186",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:probook_655_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCCF83E-D3BA-44EC-AF21-80D92BA84DAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:zbook_15_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8577621-8CE8-4C94-9E37-A0A1AD76567C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:zbook_15u_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87151407-3BCE-4716-BEF9-3482F858D8FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:zbook_17_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3D4433-E6DC-403B-B0B1-878121AA0EFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81015892-0FAB-4A12-8B58-2ABBAB369506",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\\Users\\Public\\MicTray.log by any process."
},
{
"lang": "es",
"value": "La tarea mictray64 de Conexant Systems, tal como es usada en los sistemas HP Elite, EliteBook, ProBook y ZBook, filtra datos confidenciales (keystrokes) a cualquier proceso. En mictray64.exe (mic tray icon) versi\u00f3n 1.0.0.46, un hook de Windows en LowLevelKeyboardProc es usado para capturar las pulsaciones de teclas (keystrokes). Estos datos se filtran por medio de canales no deseados: mensajes de depuraci\u00f3n accesibles a cualquier proceso que se est\u00e9n ejecutando en la sesi\u00f3n de usuario actual y acceso al sistema de archivos en C:\\Users\\Public\\MicTray.log mediante cualquier proceso."
}
],
"id": "CVE-2017-8360",
"lastModified": "2024-11-21T03:33:51.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-12T07:29:00.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038527"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}