Attackers cannot directly exploit this vulnerability and instead must rely upon user interaction to accomplish an exploit. The attacker may provide a document to a user as an attachment to an e-mail message or provide links to the user within e-mail or instant messages that direct the user to a document posted on a website. The attacker may use social engineering techniques in an attempt to convince the user to view a provided document, possibly by making the document seem to originate from a trusted source.
If the user opens the document, the attacker could trigger the execution of arbitrary code with the privileges of the user. Systems that limit user privileges likely have a reduced impact in the event of an exploit, as any code execution would occur in a restricted security context. However, on systems where users run applications with elevated privileges, an exploit could result in a complete compromise.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the March 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2010