In order to exploit the vulnerability, an attacker must rely upon user participation. The attacker must convince the user to view a malicious document, likely provided as an e-mail attachment or as a downloadable file on a public website. The attacker may use social engineering techniques in an attempt to convince the user that the source of the file is trusted or that the document contains important information.
If an exploit is successful, the attacker could execute arbitrary code with the permissions of the user. If that user holds elevated privileges, the attacker could execute code resulting in a complete system compromise. However, if the user runs applications with limited privileges, any executed code would run in a restricted security context, limiting overall impact.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the February 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for February 2010