CVE-2024-3892

EUVD-2024-32460
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
progresstelerik_ui_for_winforms
2021.1.122 ≤
𝑥
< 2024.2.514
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
progresstelerik_ui
2021.1.122 ≤
𝑥
< 2024.2.514
ADP
Common Weakness Enumeration
References
https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892
https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892