Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Telerik UI for WinForms by Progress Software Corporation

    CVE-2024-3892 (GCVE-0-2024-3892)

    Vulnerability from nvd – Published: 2024-05-15 16:43 – Updated: 2024-08-01 20:26
    VLAI
    Title
    Local code execution vulnerability in Telerik UI for WinForms
    Summary
    A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - : Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Progress Software Corporation Telerik UI for WinForms Affected: v2021.1.122 , < v2024.2.514 (semver)
    Create a notification for this product.
    progress telerik_ui Affected: 2021.1.122 , < 2024.2.514 (custom)
        cpe:2.3:a:progress:telerik_ui:2021.1.122:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-15 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:progress:telerik_ui:2021.1.122:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telerik_ui",
                "vendor": "progress",
                "versions": [
                  {
                    "lessThan": "2024.2.514",
                    "status": "affected",
                    "version": "2021.1.122",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T20:05:15.347511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:32:00.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:26:57.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Telerik UI for WinForms",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "v2024.2.514",
                  "status": "affected",
                  "version": "v2021.1.122",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-05-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system."
                }
              ],
              "value": "A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242: Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 : Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-15T16:43:36.426Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Local code execution vulnerability in Telerik UI for WinForms",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-3892",
        "datePublished": "2024-05-15T16:43:36.426Z",
        "dateReserved": "2024-04-16T17:34:16.147Z",
        "dateUpdated": "2024-08-01T20:26:57.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3892 (GCVE-0-2024-3892)

    Vulnerability from cvelistv5 – Published: 2024-05-15 16:43 – Updated: 2024-08-01 20:26
    VLAI
    Title
    Local code execution vulnerability in Telerik UI for WinForms
    Summary
    A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - : Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Progress Software Corporation Telerik UI for WinForms Affected: v2021.1.122 , < v2024.2.514 (semver)
    Create a notification for this product.
    progress telerik_ui Affected: 2021.1.122 , < 2024.2.514 (custom)
        cpe:2.3:a:progress:telerik_ui:2021.1.122:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-15 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:progress:telerik_ui:2021.1.122:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "telerik_ui",
                "vendor": "progress",
                "versions": [
                  {
                    "lessThan": "2024.2.514",
                    "status": "affected",
                    "version": "2021.1.122",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T20:05:15.347511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:32:00.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:26:57.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Telerik UI for WinForms",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "v2024.2.514",
                  "status": "affected",
                  "version": "v2021.1.122",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-05-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system."
                }
              ],
              "value": "A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242: Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 : Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-15T16:43:36.426Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Local code execution vulnerability in Telerik UI for WinForms",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-3892",
        "datePublished": "2024-05-15T16:43:36.426Z",
        "dateReserved": "2024-04-16T17:34:16.147Z",
        "dateUpdated": "2024-08-01T20:26:57.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }