Some RSS readers are vulnerable to security exploits and other annoyances embedded in RSS/XML feeds. This morning, Phil showed me a proof-of-concept sample for Newsgator, the Outlook-based RSS reader, triggered by VBScript code in an RSS feed that e-mails a random person in your Outlook address book.
Just to be clear, I’m not saying this is a serious issue. Users only subscribe to trusted RSS feeds, and feed providers are extremely unlikely to put malicious code in their feeds. It’s just interesting that it works.