Microsoft Security Advisory MS09-017:
Microsoft PowerPoint contains several programming errors that may allow a remote attacker to execute code on a vulnerable system via a specially crafted PowerPoint file.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 15498 through 15506.
Additionally, a previously released rule identified with GID 3, SID 15454 will also detect attacks targeting these vulnerabilities.
Here's the link: http://www.snort.org/vrt/advisories/vrt-rules-2009-05-12.html