Attackers cannot directly exploit this vulnerability and instead rely upon user interaction in order to accomplish an exploit. The attacker must convince a user to view a malicious Excel document. Attackers may provide documents to users as an attachment to a targeted e-mail message or hosted on a remote website.
If the user opens a provided document, the attacker could trigger the execution of arbitrary code on the vulnerable system. Any executed code would run with the privileges of the user. If that user holds elevated privileges, the attacker could gain complete control over the system.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the June 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for June 2009
The available update from Microsoft corrects this vulnerability by changing the method for parsing Excel documents.