Zero-day vulnerability in M.E.Doc

Backdoor

The backdoor code was distributed via automatic update functionality. The infected version 10.01.189 contained backdoor code, which downloaded and installed NotPetya ransomware along with other tools, indented to distribute malware within local network. 75% of victims were located in Ukraine.

Known malware:

NotPetya

Vulnerability details

Advisory: SB2017062710 - Backdoor in M.E.Doc software

Vulnerable component: M.E.Doc

CVE-ID:

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-20 - Improper Input Validation

Description:

The security issue exists due to presence of backdoor code in updates, distributed from the official website. After update installation, the system becomes infected with NotPetya ransomware.

Malware, present in the code, also performs various attempts to infect other systems.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.