SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Device (Embedded Server/Appliance)  >   HP Computer Vendors:   HPE
HP Computer Conexant HD Audio Driver Debug Keylogger Code Lets Local Users Obtain Keyboard Keystrokes
SecurityTracker Alert ID:  1038527
SecurityTracker URL:  http://securitytracker.com/id/1038527
CVE Reference:   CVE-2017-8360   (Links to External Site)
Date:  May 19 2017
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in HP Computers. A local user can obtain potentially sensitive information from a keylogger on the target system.

The system includes Conexant HD Audio Drivers that have a debugging feature (MicTray64.exe) enabled that records keystrokes to a file on the system. A local user can obtain potentially sensitive information from the keystroke log file on the target system.

The following models are affected:

HP Elite x2 1012 G1
HP EliteBook 725 G3
HP EliteBook 725 G4
HP EliteBook 745 G3
HP EliteBook 745 G4
HP EliteBook 755 G3
HP EliteBook 755 G4
HP EliteBook 820 G3
HP EliteBook 820 G4
HP EliteBook 828 G3
HP EliteBook 828 G4
HP EliteBook 840 G3
HP EliteBook 840 G4
HP EliteBook 848 G3
HP EliteBook 848 G4
HP EliteBook 850 G3
HP EliteBook 850 G4
HP EliteBook Folio 1030 G1
HP EliteBook Folio 1040 G3
HP EliteBook Folio G1
HP EliteBook x360 1030 G2
HP mt20 Mobile Thin Client
HP mt42 Mobile Thin Client
HP mt43 Mobile Thin Client
HP Pro X2 612 G2
HP ProBook 11 G2
HP ProBook 430 G3
HP ProBook 430 G4
HP ProBook 440 G3
HP ProBook 440 G4
HP ProBook 446 G3
HP ProBook 450 G3
HP ProBook 450 G4
HP ProBook 455 G3
HP ProBook 455 G4
HP ProBook 470 G3
HP ProBook 470 G4
HP ProBook 640 G2
HP ProBook 640 G3
HP ProBook 645 G2
HP ProBook 645 G3
HP ProBook 650 G2
HP ProBook 650 G3
HP ProBook 655 G2
HP ProBook 655 G3
HP ProBook x360 11 G1 EE
HP Spectre Pro 13 G1
HP ZBook 15 G3 Mobile Workstation
HP ZBook 15 G4 Mobile Workstation
HP ZBook 15u G3 Mobile Workstation
HP ZBook 15u G4 Mobile Workstation
HP ZBook 17 G3 Mobile Workstation
HP ZBook 17 G4 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP ZBook Studio G4 Mobile Workstation
HP Elite Slice (Win 7)
HP Elite Slice (Win10)
HP EliteDesk 800 35W G3 Desktop Mini PC
HP EliteDesk 800 65W G3 Desktop Mini PC
HP EliteDesk 800 G3 Small Form Factor PC
HP EliteDesk 800 G3 Tower PC
HP EliteDesk 880 G3 Tower PC
HP EliteOne 800 G3 23.8-inch Non-Touch All-in-One PC
HP EliteOne 800 G3 23.8-inch Touch All-in-One PC
HP ProDesk 400 G3 Desktop Mini PC
HP ProDesk 400 G4 Microtower PC
HP ProDesk 400 G4 Small Form Factor PC
HP ProDesk 480 G4 Microtower PC
HP ProDesk 600 G3 Desktop Mini PC
HP ProDesk 600 G3 Microtower PC
HP ProDesk 600 G3 Small Form Factor PC
HP ProDesk 680 G3 Microtower PC
HP ENVY Notebook 15-as000-as099
HP ENVY Notebook 15t-as00
HP ENVY Notebook m1-u100-u199
HP ENVY Notebook 17-u100-u199
HP ENVY Notebook 17t-u000
HP ENVY Notebook 15-as100-as199
HP ENVY Notebook 15t-as100
HP ENVY x360 m6-ar0xx
HP ENVY x360 15-ar0xx
HP ENVY x360 m6-aq0xx
HP ENVY x360 15-aq0xx
HP ENVY x360 m6-aq1xx
HP ENVY x360 15-aq1xx
HP Spectre 13-v000 ~ 13-v099
HP Spectre 13-v100 ~ 13-v199
HP ENVY x360 13-y0xx

The original advisory is available at:

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

Thorsten Schroeder from modzero AG reported this vulnerability.

Impact:   A local user can obtain potentially sensitive information from a keylogger on the target system.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor advisory.

The vendor advisory is available at:

https://support.hp.com/us-en/document/c05519670

Vendor URL:  support.hp.com/us-en/document/c05519670 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC