Ok. Let's say that my computer is competely ok, as far as I know... no viruses, no malware, nothing that shouldn't be on it.

Now, let's say that when I'm chatting with a buddy on AIM, and that buddy decides to direct connect with me, most likely for image insertion into the IM, what kinds of risks am I susceptible to?

I'm saying this knowing full well the person I'm DCing with is trustworthy. What I'm worried about is if my buddies computer is compromised in some way. I mean, it only seems logical that I'm at risk, too. I'm guessing this really is no different than having a port (or port range) out in the open and not secured, right? What can I be at risk for? Are attacks like this common?