To exploit the vulnerability, an attacker must be able to convince a user to open a malicious document on a vulnerable system. Attackers may provide documents to users as attachments to e-mail messages or by providing links to documents posted on public websites via e-mail or instant messages. Attackers may use social engineering techniques in an attempt to convince users to open a provided document.
If an exploit is successful, the attacker could execute arbitrary code on the system with the privileges of the user. On systems that grant users elevated privileges, the attacker could execute code to gain complete control over the system. On systems that restrict user privileges, an exploit may have a limited impact because any executed code would also run in a restricted security context.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the March 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2010