PT-2017-18287 · Conexant Systems+1 · Mictray64+1

Thorsten Schroeder · Published 2017-05-12 · Updated 2017-07-08 · CVE-2017-8360

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Conexant Systems mictray64 version 1.0.0.46

Description

The issue concerns the Conexant Systems mictray64 task, which is used on various HP systems, including Elite, EliteBook, ProBook, and ZBook. It leaks sensitive data, specifically keystrokes, to any process. This leakage occurs through two unintended channels: debug messages that can be accessed by any process running in the current user session, and filesystem access to the C:\Users\Public\MicTray.log file, which can be accessed by any process.

Recommendations

For Conexant Systems mictray64 version 1.0.0.46, consider restricting access to the MicTray.log file to minimize the risk of sensitive data leakage. Additionally, as a temporary workaround, disabling the LowLevelKeyboardProc Windows hook in mictray64.exe could help prevent keystroke capture until a more permanent solution is available.
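
A host audit for the file channel described above, as an added example that is not part of the original advisory or any vendor tooling. It reports whether the mictray64 process is running, whether C:\Users\Public\MicTray.log exists, and which broad principals may read it, without opening the log. The function name Get-MicTrayExposure and the list of SIDs treated as "broad" are assumptions of this example.

```powershell
# Added example: audit one host for the MicTray.log exposure (CVE-2017-8360).
# The log contents are never read; only metadata and the ACL are inspected.

$LogPath  = 'C:\Users\Public\MicTray.log'   # path given in the advisory
$ProcName = 'MicTray64'                     # mictray64.exe (Get-Process omits ".exe")

# Assumption: principals this example treats as "any process can read".
$BroadSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-4'         # INTERACTIVE
)

function Get-MicTrayExposure {
    param(
        [string]$Path    = $LogPath,
        [string]$Process = $ProcName
    )

    $running = @(Get-Process -Name $Process -ErrorAction SilentlyContinue)
    $result  = [ordered]@{
        ProcessRunning = ($running.Count -gt 0)
        LogExists      = (Test-Path -LiteralPath $Path -PathType Leaf)
        LogBytes       = 0
        LastWrite      = $null
        BroadReaders   = @()
    }

    if ($result.LogExists) {
        $item = Get-Item -LiteralPath $Path -Force
        $result.LogBytes  = $item.Length
        $result.LastWrite = $item.LastWriteTime

        # Resolve ACEs to SIDs so the check does not depend on localized names.
        $sidType  = [System.Security.Principal.SecurityIdentifier]
        $rules    = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
        $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

        $result.BroadReaders = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $readData) -ne 0) -and
            ($BroadSids -contains $_.IdentityReference.Value)
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    }
    [pscustomobject]$result
}

Get-MicTrayExposure | Format-List
```

A non-empty BroadReaders list together with a growing LogBytes value indicates the file channel is live on that host; the debug-message channel is not covered by this check.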

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2017-8360

Affected products

Windows
Mictray64