An Australian security firm has discovered a vulnerability in a Skype URI (Uniform Resource Identifier) type that could potentially allow for a file transfer.
The company, Security-Assessment.com, did not issue an advisory until Skype had prepared a patch to fix the problem, so as not to draw hackers' attention to the problem.
It's not actually that simple for an attack to take place. In order for an attack to be carried out, the attacker must authorise the target on his or her contact list, which doesn't require authorisation from the target. However, the target must then be convinced to visit a website under the attackers control or open an exploit URI in Internet Explorer.
Then the attacker must know the location of whatever file he or she want from the victim's machine. A common target would be the Skype configuration file.
To install the Skype patch for this weakness under its security bulletins, or click here to go directly tohere