It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object.
vulners.com/securityvulns/securityvulns:doc:12801
vulners.com/securityvulns/securityvulns:doc:12802