An attacker cannot directly exploit this vulnerability and instead relies upon user participation to accomplish an exploit. The attacker must persuade a user to open a malicious document, likely provided as an attachment to an e-mail message or posted on a public website. The attacker may use social engineering techniques in an attempt to convince the user to open a provided document, possibly by making the document seem to originate from a trusted source.
If an exploit is successful, the attacker could execute arbitrary code with the privileges of the user. Systems that restrict user privileges likely have reduced risk in the event of an exploit, as any code execution will occur in a limited security context. Systems that grant users elevated privileges, such as membership in the Power Users or Administrators groups, could be at risk of complete compromise, as any executed code would run in an elevated security context.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the March 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: "Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2010".