CVE-2024-3892

medium

Description

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.

References

https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892

Details

Source: Mitre, NVD

Published: 2024-05-15

Updated: 2025-07-03

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.7

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H