PT-2024-33182 · Unknown · Officeweb365

Peiqi0 · Published 2024-11-19 · Updated 2024-11-20 · CVE-2024-48694

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
OfficeWeb365 versions 7.18.23.0 through 8.6.1.0

Description
The issue allows a remote attacker to execute arbitrary code via the "pw/savedraw" component. Through this component the attacker can upload files that lead to code execution, potentially compromising the system.

Recommendations
For versions 7.18.23.0 through 8.6.1.0, consider disabling the "pw/savedraw" component until a patch is available, to prevent file upload and subsequent code execution. Restrict access to the file upload functionality in the affected versions to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2024-48694

Affected Products: Officeweb365