CVE-2024-3892: Local code execution vulnerability in Telerik UI for WinForms
First published: Wed May 15 2024(Updated: )
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Telerik UI for WinForms | >=2021.1.122<2024.2.514 | |
| Progress Telerik UI for WinForms | >=2021.1.122<2024.2.514 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-3892?
CVE-2024-3892 is classified as a local code execution vulnerability.
How do I fix CVE-2024-3892?
To fix CVE-2024-3892, upgrade Telerik UI for WinForms to version 2024.2.514 or later.
Who is affected by CVE-2024-3892?
CVE-2024-3892 affects users of Telerik UI for WinForms versions from 2021.1.122 to 2024.2.514.
What type of vulnerability is CVE-2024-3892?
CVE-2024-3892 is a local code execution vulnerability that allows untrusted theme assemblies to execute arbitrary code.
When was CVE-2024-3892 disclosed?
CVE-2024-3892 was disclosed as a vulnerability affecting specific versions of Telerik UI for WinForms.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/telerik
- canonical/progress telerik ui for winforms
- version/progress telerik ui for winforms/2021.1.122