CVE-2024-3892

Local code execution vulnerability in Telerik UI for WinForms

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
Exploitation: None
Automatable: No
Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2024-04-16 CVE Reserved
  • 2024-05-15 CVE Published
  • 2024-05-16 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
  • CAPEC-242: Code Injection
Affected Vendors, Products, and Versions
Vendor: Progress Software Corporation
Product: Telerik UI For WinForms
Version: >= v2021.1.122 < v2024.2.514
Other: en
Status: Affected