This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of shared forms. It is possible to invoke a shared form in a way that allows arbitrary controls to be instantiated. An attacker can leverage this vulnerability to execute code in the context of the SharePoint web server process.