Just a quick post to draw attention to Ronald's excellent article at http://www.0x000000.com/?i=525, where he has pulled off a very interesting remote file access attack in IE7. The attack works by including an invalid DTD in an XML file, which then streams the content of the requested file in its error message.
Use IE7? Be afraid.