A security assessment of WPF 4 Beta 2 browser-hosted applications. The findings are archived in the wpf4_pentest.zip file. This was part of ongoing XBAP/WPF security work during the WPF 4 pre-release cycle.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.