iDefense Security Advisory 02.09.10 – Remote exploitation of a use-after-free vulnerability in Microsoft Corp.’s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing multiple “OEPlaceholderAtom” records present in a “msofbtClientData” container. This record type is used to create a placeholder for an object #picture, text, etc.# on a slide. When a certain series of these records are present, it is possible to trigger a use-after-free vulnerability, which can lead to the execution of arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86219/02.09.10-2.txt
Source: https://packetstormsecurity.com/files/86219/iDEFENSE-Security-Advisory-2010-02-09.2.html