Skype was notified of the potential flaw earlier this month and promptly issued a patch. General vulnerability dissemination was made on May 22, 2006 by Security-Assessment.com.

Skype has confirmed the vulnerability could allow users to "retrieve" files from other Skype users through unauthenticated connections due to a flaw present in the URI (Uniform Resource Identifiers).

The flaw is enabled through the URI handler installed during initiation of the Windows Skype client. It allows additional command line switches to be passed onto the Skype client, potentially allowing a file transfer.

For such a transfer to be initiated the attacker must authorize the victim, done easily through adding the victim to the attacker's contact list, which does not require authorization from the victim or Skype user.

Drazen Drazic, managing director of Security-Assessment.com said the bug affects all releases of Skype to Windows, up to and including the latest versions.