A security bug in Skype for Windows - improper handling of URI arguments - has been identified and Skype has released a patch that will fix this vulnerability.

The problem fixed by the patch: “An attacker who constructs a Skype URL that is malformed in a specific way can initiate the transfer of a single named file from one Skype user to another, provided that the sender follows the malicious link and that the recipient has previously authorized the sender.”

More information and patch download from Skype.