A WPF XBAP (browser-hosted application) running in Internet Explorer could access the system clipboard when it should not have been able to. The compiled clipboard_hijacker.xbap demonstrates reading clipboard contents from within the partial-trust XBAP sandbox. The Visual Studio solution is included for reference. This was part of a broader WPF/XBAP security assessment.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.