In order to exploit the vulnerability, an attacker must be able to convince a user to view a malicious document within Excel. The attacker may provide documents to the user as an attachment to an e-mail message or by providing links in e-mail or instant messages. An attacker may also use social engineering techniques in an attempt to convince users to open a provided document.
An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Systems that grant users elevated privileges are at greatest risk, as any code execution would occur in a privileged security context, potentially allowing the attacker to take complete control over the system.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the March 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2010