iDefense Security Advisory 10.13.09 – Remote exploitation of a memory corruption vulnerability in Microsoft Corp.’s Office could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer. iDefense has confirmed the existence of this vulnerability in Office XP SP3.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82028/10.13.09-4.txt
Source: https://packetstormsecurity.com/files/82028/iDEFENSE-Security-Advisory-2009-10-13.4.html