This is not a vulnerability or even privacy exposure in MSN, but just a demonstration of zone spoofing by using the %2F encoding bug.
All the exposed MSN contact list and information is intentionally, and safely, exposed in the My Computer zone. Regards Thor Larholm, Security Researcher PivX Solutions, LLC Are You Secure? http://www.PivX.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 15. oktober 2002 15:05 To: [EMAIL PROTECTED] Subject: Who Need Friends ? IE & MSN expose contact list & other info