The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface and was patched in April this year. A new malware campaign is leveraging the same exploit, but for the first time it is hidden behind a specially crafted PowerPoint presentation (PPSX) file. The PPSX file calls an XML file embedded in it to download a “logo.doc” file from a remote location and runs it via the PowerPoint Show animations feature.
Source: https://thehackernews.com/2017/08/powerpoint-malware-ms-office.html
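
For triage of inbound attachments, the following added example (not code from the article or from any vendor) lists external relationships inside an Office Open XML package and flags remote OLE object links. It assumes the remote reference is recorded as an external relationship in the package's `.rels` parts, which is how OOXML stores linked objects; the sample package, its part path and the `example.invalid` host are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def external_relationships(data):
    """List (part, type, target) for each external relationship in an OOXML package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            # ElementTree does not fetch external entities; for hostile input a
            # hardened parser such as defusedxml is still the safer choice.
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, kind, rel.get("Target", "")))
    return findings

def remote_ole_links(findings):
    """Keep external OLE object links; external hyperlinks are common and benign."""
    return [f for f in findings if f[1].lower() == "oleobject"]

def build_sample():
    """Constructed PPSX-like package: one hyperlink and one remote OLE link."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId1" Type="%shyperlink" '
        'Target="https://example.invalid/about" TargetMode="External"/>'
        '<Relationship Id="rId2" Type="%soleObject" '
        'Target="https://example.invalid/logo.doc" TargetMode="External"/>'
        '</Relationships>'
    ) % (REL_NS.strip("{}"), REL_TYPE, REL_TYPE)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in remote_ole_links(external_relationships(build_sample())):
        print(f"{part}: external {kind} -> {target}")
```

A hit is a reason to quarantine and inspect the file, not proof of exploitation, since linked OLE objects also have legitimate uses.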