An attacker cannot directly exploit this vulnerability and instead must rely on user interaction to accomplish an exploit. The attacker must convince a user to view a malicious document, likely provided as an attachment to an e-mail message delivered to the user. The attacker may use social engineering techniques to make the user more likely to open a provided document.
If the exploit is successful, the attacker could trigger the execution of arbitrary code with the privileges of the user. If that user holds elevated privileges, the attacker could gain complete control over the system. An exploit involving a user with restricted privileges is likely to result in a limited system compromise because any code executed would run in a limited security context.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the March 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2010