Local Code Execution Vulnerability in Telerik UI for WinForms
CVE-2024-3892

6.7MEDIUM

Key Information:

Vendor: Progress Software
Status: Telerik Ui For Winforms
Vendor: CVE Published:; 15 May 2024

Summary

A local code execution vulnerability exists in Telerik UI for WinForms that allows an untrusted theme assembly to potentially execute arbitrary code on a local Windows device. This issue affects versions beginning from v2021.1.122 and extends to those before v2024.2.514. As a result, systems utilizing affected versions may be susceptible to exploitation, which can lead to unauthorized actions being performed within the local environment.

Affected Version(s)

Telerik UI for WinForms Windows v2021.1.122

References

https://docs.telerik.com/devtools/winforms/knowledge-base...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 16, 2024