Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: OX
Published: 2023-11-02T13:01:35.652Z
Updated: 2024-08-02T14:00:14.652Z
Reserved: 2023-03-30T09:34:25.188Z
Link: CVE-2023-29045
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-02T14:15:11.153
Modified: 2024-11-21T07:56:26.413
Link: CVE-2023-29045
Redhat
No data.