Local Code Execution Vulnerability in Telerik UI for WinForms
CVE-2024-3892

7.2HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Ui For Winforms
Vendor: CVE Published:; 15 May 2024

Summary

A local code execution vulnerability exists in Telerik UI for WinForms that allows an untrusted theme assembly to potentially execute arbitrary code on a local Windows device. This issue affects versions beginning from v2021.1.122 and extends to those before v2024.2.514. As a result, systems utilizing affected versions may be susceptible to exploitation, which can lead to unauthorized actions being performed within the local environment.

Affected Version(s)

Telerik UI for WinForms Windows v2021.1.122

References

https://docs.telerik.com/devtools/winforms/knowledge-base...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 16, 2024