This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects a vulnerability in Microsoft PowerPoint which may result in remote code execution.
Microsoft PowerPoint is prone to multiple remote code-execution vulnerabilities caused by an error in the 'Importer' feature when the application parses PowerPoint 95 files. Specifically, stack-based memory becomes corrupted when handling maliciously constructed sound data included in a '.ppt' file. These issues occur in the 'PP7X32.DLL' library and can be triggered with user-supplied data for either a record length value or a record name string.
A successful exploit would allow an attacker to execute arbitrary code in the context of the currently logged-in user.
The vendor has released an advisory and updates. Please see the references for details.