To exploit this vulnerability, an attacker must convince a user to view a malicious Excel document on an affected system. The attacker may provide the document to the user as an attachment to an e-mail message, post it on a public website, or distribute it over peer-to-peer file sharing services. To convince users to open the file, the attacker may name the document, or craft the messaging delivered with it, in such a way that the user believes the document is trusted or legitimate.
If an exploit is successful, the attacker could execute arbitrary code with the privileges of the user. On systems that grant users Administrator privileges, an exploit could allow the attacker to execute code resulting in a complete system compromise.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the June 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for June 2009
Microsoft has corrected this vulnerability by changing the method used to parse Excel files.