Backdoor in M.E.Doc software

Published: 2017-06-27 | Updated: 2017-07-02
Severity Critical
Patch available YES
Number of vulnerabilities 1
CVE ID N/A
CWE ID CWE-20
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software M.E.Doc Subscribe
Vendor M.E.Doc

Security Advisory

This security advisory describes one critical risk vulnerability.

1) Backdoor

Severity: Critical

CVSSv3: 9.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Description

The security issue exists due to presence of backdoor code in updates, distributed from the official website. After update installation, the system becomes infected with NotPetya ransomware.

Malware, present in the code, also performs various attempts to infect other systems.

Mitigation

The vendor has issued version 10.01.190 which does not contain backdoor.

Vulnerable software versions

M.E.Doc: 10.01.188, 10.01.189

CPE External links

https://www.facebook.com/medoc.ua/posts/1909626612658250
https://load.medoc.ua/distr/medoc_10.01.190.zip

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.