New Zealand security guru finds flaw in Skype

06.06.2006
A security flaw in Skype's peer-to-peer VOIP software has been closed, thanks to a New Zealand security expert.

Auckland-based Brett Moore, CTO of independent Australian security company Security-Assessment.com, uncovered the flaw in Skype's software. Skype is now advising users to upgrade to its latest version to fix the bug.

Moore says that the type of vulnerability found in Skype is fairly common in applications that interact with internet browsers.

'We have previously discovered this type of vulnerability in two separate programs and there are public releases of similar issues in other programs,' he says.

The security flaw lies in the way Skype handles Uniform Resource Identifiers (URIs), the names or addresses that refer to resources.

Security-Assessment.com discovered that, with one type of URI handler installed by Skype, it was possible to include additional command-line switches. One such switch will set up a file transfer session that will allow data written to the local hard disk to be sent to another Skype user.
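The class of bug described above, shown from the defender's side as an added example (not Skype's code and not from Security-Assessment.com): a handler that pastes the decoded URI into a command line lets a space start a new switch, while one that validates each field against an allow-list and builds the argument vector itself does not. The scheme `examplecall`, the program name `exampleapp`, its options and the sample URI are all hypothetical, and `shlex.split` stands in as a simplified model of command-line splitting.

```python
import re
import shlex
from urllib.parse import unquote

SCHEME = "examplecall"            # hypothetical scheme, not Skype's
ACTIONS = {"call", "chat"}        # hypothetical actions the handler supports
# Allow-list for the one value the URI should carry: a user name.
# It must start with an alphanumeric so it can never look like a switch.
TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

# Constructed sample: %20 decodes to a space followed by an extra switch.
SAMPLE = "examplecall:alice%20/constructed-switch"


class RejectedURI(ValueError):
    """Raised when a URI does not match the strict grammar."""


def naive_argv(uri):
    """Models the flawed pattern: decoded URI substituted into a command line."""
    return shlex.split("exampleapp /uri:" + unquote(uri))


def parse_handler_uri(uri):
    """Return (target, action) for a well-formed URI, else raise RejectedURI."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != SCHEME:
        raise RejectedURI("unexpected scheme")
    target, _, action = rest.partition("?")
    # Decode once *before* validating so %20 or %22 cannot hide a space or quote.
    target = unquote(target)
    action = unquote(action) or "call"
    if not TARGET_RE.fullmatch(target):
        raise RejectedURI("target has characters outside the allow-list")
    if action not in ACTIONS:
        raise RejectedURI("unknown action")
    return target, action


def safe_argv(uri):
    """Build argv from validated fields only; the raw URI never reaches it."""
    target, action = parse_handler_uri(uri)
    return ["exampleapp", "--action", action, "--target", target]


if __name__ == "__main__":
    print("naive:", naive_argv(SAMPLE))   # extra switch becomes its own argument
    try:
        safe_argv(SAMPLE)
    except RejectedURI as exc:
        print("hardened: rejected,", exc)
```
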