Technical Information

Brief overview of the risk:
An elevation of privilege vulnerability exists in SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary code in the security context of the logged-on user.
Detailed Information on the risk:

This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.

Further information on this exploit is available at : MS14-050