>Found this interesting XML attack against Python:
>https://pypi.python.org/pypi/defusedxml
>
>Curious if VFP's native XML functions have any vulnerabilities?

VFP ships with MDAC 2.6. Any MDAC before 2.8 is subject to a host of vulnerabilities: http://technet.microsoft.com/en-us/security/bulletin/ms06-014

Hank