Telerik UI for WinForms Unsafe Deserialization Vulnerability (CVE-2024-10013) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Unsafe Deserialization Vulnerability (10013) 2. Description: - Product Alert Date: November 2024 - Affected Versions: Telerik UI for WinForms 2024 Q3 (2024.3.924) or earlier 3. Issue: - CWE-502: Unsafe Deserialization 4. Impact: - In Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack may be triggered via unsafe deserialization when loading external document styles (RichTextBox). 5. Solution: - Upgrade to version 2024 Q4 (2024.4.1113) is recommended. - All customers with a Telerik UI for WinForms license can access the download page. 6. Notes: - If the project does not use RichTextBox, the application is not affected by this vulnerability. - How to check Telerik UI for WinForms version: - Via source code: Check the Version property of any Telerik.WinControls. references in the project. - Via deployed application: Locate any Telerik.WinControls..dll files in the application directory, right-click, select Properties, and view the version. - For any questions or concerns, open a technical support case. 7. External References: - CVE-2024-10013 (High Severity) - CVSS Score: 7.8 - Affected Versions: In Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack may be triggered via unsafe deserialization when loading external document styles.

Goal Reached Thanks to every supporter — we hit 100%!

Telerik UI for WinForms Unsafe Deserialization Vulnerability (CVE-2024-10013) Advisory