This is not a vulnerability or even privacy exposure in MSN, but just a demonstration of zone spoofing by using the %2F encoding bug. All the exposed MSN contact list and information is intentionally, and safely, exposed in the My Computer zone. Regards Thor Larholm, Security Researcher PivX Solutions, LLC Are You Secure? http://www.PivX.com -----Original Message----- From: drorshalev@hotmail.com [mailto:drorshalev@hotmail.com] Sent: 15. oktober 2002 15:05 To: bugtraq@securityfocus.com Subject: Who Need Friends ? IE & MSN expose contact list & other info
