Backdoor in M.E.Doc software

Published: 2017-06-27 18:40:34 | Updated: 2017-07-02
Severity: Critical
Patch available: YES
Number of vulnerabilities: 1
CVE ID: N/A
CVSSv3: 9.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CWE ID: CWE-20
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: M.E.Doc
Vulnerable software versions: M.E.Doc 10.01.188, M.E.Doc 10.01.189
Vendor URL: M.E.Doc

Security Advisory

1) Backdoor

Description

The security issue exists due to the presence of backdoor code in updates distributed from the official website. After the update is installed, the system becomes infected with NotPetya ransomware.

The malware present in the code also makes various attempts to infect other systems.

Remediation

The vendor has issued version 10.01.190, which does not contain the backdoor.

External links

https://www.facebook.com/medoc.ua/posts/1909626612658250
https://load.medoc.ua/distr/medoc_10.01.190.zip
