Lame
Sorry - started playing around with this a bit.
It's not a bug, it's not an exploit - it's just lame.
Start a download, then at a dos prompt type "netstat -n"
Look for IP address followed by 1214
Take said address a put it in a browser.
Bamf - all the shared files.
But only the files the person had shared.
And yes some people are dumb and share there C drives.
Tested it out on whoever this poor person is:
http://xxx.xxx.142.63:1214/ <- who is now offline
Edit:
Trying to helping and not just complain :)
http://securityfocus.com/archive/1/211663