Zero Day Initiative Advisory 10-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees resources when parsing a malformed Office Art record. Due to the application not properly freeing up resources during handling a parsing error, the application will later access the freed reference which can lead to code execution under the context of the application.
422448f62776d8b309cb36060ecc7b079c7f561fe85f31b163bfe9f600eb5b3e