You have to trick someone into opening your presentation and clicking a specific button, that’s not something a random person knowing my email could easily do. It’s a problem but I wouldn’t exactly say it allows anyone to access anyone else’s private drive files.
My company IT sec person sent a presentation and asked everybody to follow a link inside the slide to go to the training website. So never underestimate a attack vector, also security is just a joke.
A random person knowing your email isn't totally random though. a normal person's email address is enough to track down some known associates. Spoof the email as coming from a business partner as the new deck for a side hustle, and the target has been phished. Multiply across every email leaked in recent mega leaks and it's a good thing it was patched!
Honestly, considering this allows anyone to access anyone else's private drive files, I would have expected the payout to be much higher