Lucene search

[email protected]NVD:CVE-2017-8360

HistoryMay 12, 2017 - 7:29 a.m.

CVE-2017-8360

2017-05-1207:29:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

28.6%

JSON

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Affected configurations

Nvd

Node

conexantmictray64Range≤1.0.0.46

AND

hpelite_x2_1012_g1Match-

hpelitebook_1030_g1Match-

hpelitebook_725_g3Match-

hpelitebook_745_g3Match-

hpelitebook_755_g3Match-

hpelitebook_820_g3Match-

hpelitebook_828_g3Match-

hpelitebook_840_g3Match-

hpelitebook_848_g3Match-

hpelitebook_850_g3Match-

hpelitebook_folio_1040_g3Match-

hpelitebook_folio_g1Match-

hpprobook_430_g3Match-

hpprobook_440_g3Match-

hpprobook_446_g3Match-

hpprobook_450_g3Match-

hpprobook_455_g3Match-

hpprobook_470_g3Match-

hpprobook_640_g2Match-

hpprobook_645_g2Match-

hpprobook_650_g2Match-

hpprobook_655_g2Match-

hpzbook_15_g3Match-

hpzbook_15u_g3Match-

hpzbook_17_g3Match-

hpzbook_studio_g3Match-

AND

microsoftwindows_10

microsoftwindows_7

VendorProductVersionCPE
conexantmictray64*cpe:2.3:a:conexant:mictray64:*:*:*:*:*:*:*:*
hpelite_x2_1012_g1-cpe:2.3:h:hp:elite_x2_1012_g1:-:*:*:*:*:*:*:*
hpelitebook_1030_g1-cpe:2.3:h:hp:elitebook_1030_g1:-:*:*:*:*:*:*:*
hpelitebook_725_g3-cpe:2.3:h:hp:elitebook_725_g3:-:*:*:*:*:*:*:*
hpelitebook_745_g3-cpe:2.3:h:hp:elitebook_745_g3:-:*:*:*:*:*:*:*
hpelitebook_755_g3-cpe:2.3:h:hp:elitebook_755_g3:-:*:*:*:*:*:*:*
hpelitebook_820_g3-cpe:2.3:h:hp:elitebook_820_g3:-:*:*:*:*:*:*:*
hpelitebook_828_g3-cpe:2.3:h:hp:elitebook_828_g3:-:*:*:*:*:*:*:*
hpelitebook_840_g3-cpe:2.3:h:hp:elitebook_840_g3:-:*:*:*:*:*:*:*
hpelitebook_848_g3-cpe:2.3:h:hp:elitebook_848_g3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
conexant	mictray64	*	cpe:2.3:a:conexant:mictray64::::::::
hp	elite_x2_1012_g1	-	cpe:2.3:h:hp:elite_x2_1012_g1:-:::::::*
hp	elitebook_1030_g1	-	cpe:2.3:h:hp:elitebook_1030_g1:-:::::::*
hp	elitebook_725_g3	-	cpe:2.3:h:hp:elitebook_725_g3:-:::::::*
hp	elitebook_745_g3	-	cpe:2.3:h:hp:elitebook_745_g3:-:::::::*
hp	elitebook_755_g3	-	cpe:2.3:h:hp:elitebook_755_g3:-:::::::*
hp	elitebook_820_g3	-	cpe:2.3:h:hp:elitebook_820_g3:-:::::::*
hp	elitebook_828_g3	-	cpe:2.3:h:hp:elitebook_828_g3:-:::::::*
hp	elitebook_840_g3	-	cpe:2.3:h:hp:elitebook_840_g3:-:::::::*
hp	elitebook_848_g3	-	cpe:2.3:h:hp:elitebook_848_g3:-:::::::*

Rows per page:

1-10 of 291

References

www.securitytracker.com/id/1038527

www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

28.6%

JSON

Related for NVD:CVE-2017-8360

cve1 cvelist1 prion1 threatpost1 thn1 nessus1