Backdoor in M.E.Doc - #VU11139

 


Published: March 16, 2018 / Updated: November 22, 2018


Vulnerability identifier: #VU11139
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: M.E.Doc
Affected software: M.E.Doc

Detailed vulnerability description

The security issue exists due to the presence of backdoor code in updates distributed from the official website. After the update is installed, the system becomes infected with NotPetya ransomware.

The malware present in the code also makes various attempts to infect other systems.

Remediation

The vendor has issued version 10.01.190, which does not contain the backdoor.
