New Zealand security guru finds flaw in Skype

06.06.2006

For an attacker to successfully exploit the flaw, he must know the exact name and location of the file he wants to transfer on the victim's computer. The attacker must also authorize the victim, Security-Assessment.com says. This is easily done, with the attacker simply adding the victim to his contact list.

There are further URI handler flaws in Skype, Security-Assessment.com says. Other command-line switches could be exploited to manipulate or obtain victims' Skype user credentials.

Security-Assessment.com regularly performs application testing for its customers or as part of its own R&D, says Moore.

'In this case, we were reviewing Skype as part of a larger VOIP research program. Often we will notice what appears to be the potential for a vulnerability and investigate further.'

Moore says that a targeted attack is required to exploit this particular vulnerability.