This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.
A specific flaw exists within the System.Workflow.ComponentModel.Compiler.WorkflowCompilerInternal class. This class allows an attacker to specify a path to an arbitrary workflow definition file. An attacker can leverage this vulnerability to execute code in the context of the web service account.
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.