An attacker cannot directly exploit this vulnerability, and instead must rely upon user interaction to accomplish an exploit. To successfully exploit this vulnerability the attacker must convince a user to view a malicious document using the vulnerable application. Attackers may provide documents within e-mail messages or hosted on public websites.
If an exploit is successful, the attacker could trigger the execution of arbitrary code with the privileges of the user. Systems that grant users elevated privileges may be at the greatest risk, as any code execution would also run with elevated privileges, possibly resulting in a complete system compromise.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the November 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for November 2009