Doubtful. Besides, flaws in the messenger SERVICE were exploited not long ago to propagate a virus/worm/trojan. As such, this service was updated and in XP SP2 flipped to the disabled setting.

Why I write doubtful is that Microsoft didn't include any security feature in the "packet" that arrives at the machine. Nothing authenticates it is from machine X, Y or Z. As such, all information in the "packet" can be falsified.