An attacker cannot exploit this vulnerability without user participation. For an exploit to occur, the attacker must convince a user to open a malicious document. The attacker may provide documents to the user as an attachment to an e-mail message or via links to download sites. The attacker may also use social engineering techniques when sending links or such documents.
If an exploit is successful, the attacker could execute arbitrary code on the system with the privileges of the user. If that user runs applications as the Administrator account, any code execution would occur in an elevated security context, allowing the attacker to take complete control over the system.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the February 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for February 2010