The improper handling of URI arguments can initiates the transfer of a single named file from one to another Skype user.

An attacker can construct a malformed URL that can initiate the transfer of a single named file from one Skype user to another. Successful exploitation requires that the user follows a malicious Skype URL and that the recipient has previously authorised the sender.

Affected versions:

Skype for Windows:
All releases prior to and including 2.0.*.104
Release 2.5.*.0 to and including 2.5.*.78

More information can be found here.

The official workaround is available here.