PT-2014-1682 · Microsoft · Sharepoint Foundation 2013+3

Published 2014-08-12 · Updated 2018-10-12 · CVE-2014-2816

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Server 2013 Gold and SP1
Microsoft SharePoint Foundation 2013 Gold and SP1

Description

An elevation of privilege issue exists, allowing remote authenticated users to gain privileges via a specially crafted app that executes arbitrary code in the security context of the logged-on user. This is achieved by exploiting a vulnerability in the SharePoint extensibility model, enabling the execution of custom actions.

Recommendations

For Microsoft SharePoint Server 2013 Gold and SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2013 Gold and SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of custom apps and actions within the SharePoint extensibility model to minimize the risk of exploitation.

Related Identifiers

BDU:2015-00626
BDU:2015-00628
CVE-2014-2816

Affected Products

Sharepoint Foundation 2013
Sharepoint Server 2013
Sharepoint Foundation
Sharepoint Server