Attackers have no way to directly exploit this vulnerability, and instead must rely on user participation to accomplish an exploit. An attacker may provide links to users that direct users to malicious sites, or embed malicious script on public sites that attempt to launch exploits against users visiting the site.
Exploitation could allow the attacker to execute arbitrary code on the vulnerable system with the privileges of the user. If that user holds Administrator privileges, the attacker could execute code that results in a complete system compromise. On systems that permit users to run programs only with limited privileges, the impact of an exploit likely decreases, because any executed code would run with restricted privileges.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the July 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for July 2009.
The update available from Microsoft corrects this vulnerability by improving memory pointer updates.