{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\\Users\\Public\\MicTray.log by any process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"}, {"name": "1038527", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038527"}, {"tags": ["x_refsource_MISC"], "url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8360", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\\Users\\Public\\MicTray.log by any process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html", "refsource": "MISC", "url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"}, {"name": "1038527", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038527"}, {"name": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt", "refsource": "MISC", "url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8360", "datePublished": "2017-05-12T06:54:00", "dateReserved": "2017-04-30T00:00:00", "dateUpdated": "2017-07-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:conexant:mictray64:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5B82B26-35F7-4580-83C3-8961F3267232", "versionEndIncluding": "1.0.0.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:elite_x2_1012_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "0160130B-8BCB-41A6-A7A5-B03A5083EF11", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_1030_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0A39EC7-86EE-458D-8743-7E139E28C18A", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_725_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DBD4012-6ABA-4EC5-8CE5-4BA947D660FD", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_745_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "056188C4-E214-4C71-8D84-5B7FF34146D2", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_755_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A69E93D-B289-4777-BDD0-B4AAA62441DB", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_820_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCD06E7E-045C-4A57-9197-1B12F686514C", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_828_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDAA1D9A-0191-4113-9A64-F7859E95870D", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_840_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A67B506C-A2CD-4B4B-81C9-AB03B9164EFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_848_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDFE7CE8-7270-4E92-A659-D2B842604E83", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_850_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "17B61731-7ADD-4CB5-AE0D-0DA1D6C9C000", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_folio_1040_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDB7C8C9-7CF2-4EE3-8BD3-0A9573DDFB61", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:elitebook_folio_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A855CCBF-BA02-426E-A645-B8B43F34F26D", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_430_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1197F876-9F8E-4311-9D55-683BCDFA1BAD", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_440_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AC8772B-7770-40FF-A45E-65D55EF53335", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_446_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "772EA71F-0A1F-4D96-A3CE-72F685FEDA0C", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_450_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "887F7997-005D-4BCB-B607-AC0295B4A3D4", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_455_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4463B3F-3B8E-40E0-94E1-9CB1F2D342C0", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_470_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "569E785F-531A-47E8-ABD9-C5B6325E5AB5", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_640_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "61C10BE5-F877-4E67-A05A-975D3127303D", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_645_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "11D94E4D-69E9-4B7A-8AD5-D84E0D88783F", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_650_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "916C65AC-F54E-4C1D-8BC1-357E6C066186", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:probook_655_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBCCF83E-D3BA-44EC-AF21-80D92BA84DAF", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:zbook_15_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8577621-8CE8-4C94-9E37-A0A1AD76567C", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:zbook_15u_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "87151407-3BCE-4716-BEF9-3482F858D8FE", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:zbook_17_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE3D4433-E6DC-403B-B0B1-878121AA0EFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "81015892-0FAB-4A12-8B58-2ABBAB369506", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\\Users\\Public\\MicTray.log by any process."}, {"lang": "es", "value": "La tarea mictray64 de Conexant Systems, tal como es usada en los sistemas HP Elite, EliteBook, ProBook y ZBook, filtra datos confidenciales (keystrokes) a cualquier proceso. En mictray64.exe (mic tray icon) versi\u00f3n 1.0.0.46, un hook de Windows en LowLevelKeyboardProc es usado para capturar las pulsaciones de teclas (keystrokes). Estos datos se filtran por medio de canales no deseados: mensajes de depuraci\u00f3n accesibles a cualquier proceso que se est\u00e9n ejecutando en la sesi\u00f3n de usuario actual y acceso al sistema de archivos en C:\\Users\\Public\\MicTray.log mediante cualquier proceso."}], "id": "CVE-2017-8360", "lastModified": "2017-07-08T01:29:18.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-12T07:29:00.187", "references": [{"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038527"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Technical Description", "Third Party Advisory"], "url": "https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}