Conexant Audio Driver MicTray.exe / MicTray64.exe Keylogger

Low Nessus Plugin ID 100161


An audio driver installed on the remote Windows host can act as a keylogger.


The Conexant audio driver package installed on the remote Windows host is affected by an information disclosure vulnerability in the debugging features of MicTray.exe or MicTray64.exe due to a LowLevelKeyboardProc Windows hook that is being used to capture keystrokes. This data is then leaked via debug messages that are accessible to any process that is running in the current user session or to a publicly readable log file. A local attacker can exploit this vulnerability, via a specially crafted application, to access the keylogging data and thereby disclose potentially sensitive information.


Apply the appropriate vendor-supplied patch.

See Also

Plugin Details

Severity: Low

ID: 100161

File Name: conexant_mictray_keylogger.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2017/05/12

Modified: 2017/05/15

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N


Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:conexant_systems:mictray

Required KB Items: SMB/Registry/Enumerated

Patch Publication Date: 2017/05/12

Vulnerability Publication Date: 2017/05/11

Reference Information

CVE: CVE-2017-8360