'The person to be exploited must be specifically selected and they must be convinced to browse to a web page or click on a hyperlink,' he said. 'While there are certain mitigating factors involved in a successful attack, the potential is there for an attacker to steal confidential files, including the user's Skype configuration.'

Theft of the Skype configuration could lead to further attacks such as ID theft, or listening in on users' conversations, he said.

'The best solution is to install the vendor-supplied update,' Moore said.

'As always, users should be aware of malicious emails and email attachments.'

When discovering security flaws the company works directly with the vendor involved to help secure their software, Moore said.