CVE-2017-8360: Infoleak
First published: Fri May 12 2017(Updated: )
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Conexant mictray64 | <=1.0.0.46 | |
| HP Elite x2 1012 G1 Tablet with Travel Keyboard Firmware | ||
| HP EliteBook 1030 G1 Firmware | ||
| HP EliteBook 725 G3 Firmware | ||
| HP EliteBook 745 G3 Firmware | ||
| HP EliteBook 755 G3 Firmware | ||
| HP EliteBook 820 G3 Firmware | ||
| HP EliteBook 828 G3 Firmware | ||
| HP EliteBook 840 G3 Firmware | ||
| HP EliteBook 848 G3 Firmware | ||
| HP EliteBook 850 G3 | ||
| HP EliteBook Folio 1040 G3 Firmware | ||
| HP EliteBook Folio G1 Firmware | ||
| HP ProBook 430 G3 Firmware | ||
| HP ProBook 440 G3 Firmware | ||
| HP ProBook 446 G3 | ||
| HP ProBook 450 G3 Firmware | ||
| HP ProBook 455 G3 | ||
| HP ProBook 470 G3 Firmware | ||
| HP ProBook 640 G2 Firmware | ||
| HP ProBook 645 G2 Firmware | ||
| HP ProBook 650 G2 Firmware | ||
| HP ProBook 655 G2 | ||
| HP ZBook 15u G3 | ||
| HP ZBook 15u G3 Firmware | ||
| HP ZBook 17 G3 Firmware | ||
| HP ZBook Studio G3 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-8360?
CVE-2017-8360 is classified as a high-severity vulnerability due to the potential for sensitive data leakage.
How do I fix CVE-2017-8360?
To fix CVE-2017-8360, update the Conexant mictray64 software to a version higher than 1.0.0.46.
What systems are affected by CVE-2017-8360?
CVE-2017-8360 affects HP's Elite, EliteBook, ProBook, and ZBook systems that use Conexant mictray64 software.
What type of data is leaked in CVE-2017-8360?
CVE-2017-8360 leaks sensitive data including keystrokes captured through the LowLevelKeyboardProc Windows hook.
Is there a known exploit for CVE-2017-8360?
Yes, CVE-2017-8360 has been documented, and there are reports of its exploitation to capture keystrokes.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/conexant
- canonical/conexant mictray64
- version/conexant mictray64/1.0.0.46
- vendor/hp
- canonical/hp elite x2 1012 g1 tablet with travel keyboard firmware
- canonical/hp elitebook 1030 g1 firmware
- canonical/hp elitebook 725 g3 firmware
- canonical/hp elitebook 745 g3 firmware
- canonical/hp elitebook 755 g3 firmware
- canonical/hp elitebook 820 g3 firmware
- canonical/hp elitebook 828 g3 firmware
- canonical/hp elitebook 840 g3 firmware
- canonical/hp elitebook 848 g3 firmware
- canonical/hp elitebook 850 g3
- canonical/hp elitebook folio 1040 g3 firmware
- canonical/hp elitebook folio g1 firmware
- canonical/hp probook 430 g3 firmware
- canonical/hp probook 440 g3 firmware
- canonical/hp probook 446 g3
- canonical/hp probook 450 g3 firmware
- canonical/hp probook 455 g3
- canonical/hp probook 470 g3 firmware
- canonical/hp probook 640 g2 firmware
- canonical/hp probook 645 g2 firmware
- canonical/hp probook 650 g2 firmware
- canonical/hp probook 655 g2
- canonical/hp zbook 15u g3
- canonical/hp zbook 15u g3 firmware
- canonical/hp zbook 17 g3 firmware
- canonical/hp zbook studio g3
- vendor/microsoft
- canonical/microsoft windows 10
- canonical/microsoft windows 7