A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an OEPlaceholderAtom record with a specially crafted placementId parameter.
Apply the update referenced in Microsoft Security Bulletin 10-004.
Exploit works on Microsoft PowerPoint 2003 SP3 and requires a user to open the exploit file in Microsoft PowerPoint.
The exploit is not executed until the exploit file is closed.
This exploit requires the IO::Uncompress::Gunzip and Compress::Zlib PERL modules from CPAN.