What types of malicious actions can be achieved through XAML data in ViewState generation?
Four types are introduced: executing commands (e.g., launching notepad), writing a file (e.g., a webshell), setting HTTP response headers, and setting the response body. Each uses specific XAML namespaces from System.Diagnostics or System.Web, and care must be taken with XAML escape characters, especially when writing files that contain code.
XAML, command execution, webshell, response manipulation