For an attacker to successfully exploit the flaw he must know the exact name and location of the file he wants to transfer on the victim's computer. The attacker must also authorize the victim, Security-Assessment.com said. This is easily done, with the attacker simply adding the victim to his contact list.

There are further URI handler flaws in Skype, Security-Assessment.com said. Other command-line switches could be exploited to manipulate or obtain victims' Skype user credentials.

Security-Assessment.com regularly performs application testing for its customers or as part of its own R&D, said Moore.

'In this case, we were reviewing Skype as part of a larger VoIP research program. Often we will notice what appears to be the potential for a vulnerability and investigate further.'

Moore said that a targeted attack is required to exploit this particular vulnerability.