In order to exploit this vulnerability, an attacker relies upon user interaction. The attacker must convince the user to view a malicious document, likely provided as an attachment to a malicious e-mail message. The attacker may use social engineering techniques in an attempt to convince the user that the document comes from a trusted source.
If an exploit is successful, the attacker could execute arbitrary code with the privileges of the user. If that user holds privileges equivalent to the Administrator account, the attacker could execute code resulting in a complete compromise. Systems that restrict user privileges may have a lower impact as the result of an exploit, as any executed code would run with limited privileges.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the July 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for July 2009