This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication as a high-privileged user is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the SharePoint application pool identity.