The following is an exploit code that employs a 'Man In the Middle' attack against Messenger and its Hotmail module. The exploit code allows to:
1) Use the messenger scrambler bug to get passwords hashes.
2) Spoof a Hotmail site to retrieve plaintext passwords (since the protocol can be caused to transfer passwords in a non-encrypted form).
3) Remotely crash the client.
4) Upload a malicious program of your choice masqueraded as an update.