This Metasploit module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code.
62af271be942f6f55dcf24ea35dcb2372b11bd7391f408ea6ae7a854ad04f5f7