"We have had concerns about VoIP for a while, but there are not too many players in the space, security and otherwise, addressing VoIP security concerns," Drazic said.

"There have been a lot of products rolled out and while only there are a few large Australian implementations, risk review has been an area of research for us.

"We did not release the advisory until Skype got back to us and announced a patch which was Monday morning (22/05) last week."

Exploitation of the flaw will only occur when the potential victim opens the URI exploit in Internet Explorer, which also requires the user to visit or open a compromised HTML page. The attacker must also know the location of the specific file on the intended machine; however, a common target would be the Skype configuration file.