Thanks Jimmy Daniels for emailing us. A universal cross-site scripting vulnerability exists in Microsoft's WebBrowser control that an attacker can exploit that can result in elevated privileges and session hijacking of the MSN Messenger client. This vulnerability stems from an error in the validation code in the dialogArguments property. The following software are affected:
- Microsoft Internet Explorer
- Microsoft Outlook
- Microsoft Outlook Express
- All application that host the WebBrowser control (IE 6.0 or newer).
News source: Security Administrator - Cross Site Scripting Vulnerability in Microsoft WebBrowser Control