Found a nasty little XSS (Cross Site Scripting) bug on Microsoft's MSDN website earlier. It allows a user to control the main frame, which could be quite handy to someone when used with a little social engineering.
Anyway, I won't go into too much detail as they have yet to fix it (working with them now), so I'll just post a couple of screen I took. In these I have hosted a modified MS webpage on a personal server and simply edited with a meta-refresh and link pointing to MS07-042.exe. Obviously this could also be replaced with an MPack iframe or similar.