"Free Wi-Fi" Scam In the Wild

DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).

Article does not explain the zombification process

[dudeman2]

Connecting to the "Free Wi-Fi" and having your passwords and data sniffed is one thing, but how easy is it for the attacker to turn a Windows XP system into a zombie, merely by connecting to an attacker's wireless network?

Assumption #1. You run Windows XP, SP2, up to date with security patches
Assumption #2. You have Windows Firewall installed and configured for maximum security
Assumption #3. You are not sharing your folders on the network, or if you are, you're not allowing guest write access

(Now, I know how many Windows users do not follow #1,#2,#3 above..) but assuming they do, is a zero-day exploit required in order to zombify their PC?