Backdoor in M.E.Doc software
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | This vulnerability is being exploited in the wild. |
| Vulnerable software Subscribe |
M.E.Doc Client/Desktop applications / Other client software |
| Vendor | M.E.Doc |
Security Bulletin
This security bulletin contains one critical risk vulnerability.
1) Backdoor
EUVDB-ID: #VU11139
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe security issue exists due to presence of backdoor code in updates, distributed from the official website. After update installation, the system becomes infected with NotPetya ransomware.
Malware, present in the code, also performs various attempts to infect other systems.
The vendor has issued version 10.01.190 which does not contain backdoor.
M.E.Doc: 10.01.188 - 10.01.189
External linkshttp://www.facebook.com/medoc.ua/posts/1909626612658250
http://load.medoc.ua/distr/medoc_10.01.190.zip
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
