Skype File URI Security Bypass Code Execution Vulnerability

(via http://www.us-cert.gov/current/index.html#skype_releases_security_bulletin)

Skype reportedly has a vulnerability in its URI handling that allows arbitrary code to be executed remotely.

Remote exploitation of a security policy bypass in Windows Skype versions could allow an attacker to execute arbitrary code.
The URI handler in Skype performs checks upon the URL to verify that the link does not contain certain file extensions related to executable file formats. If the link is found to contain a blacklisted executable file extension, a security warning dialog is shown to the user. This check is flawed in two ways. The check is performed using a case-sensitive comparison.
The second flaw in this check is that the blacklist fails to mention all potential executable file formats. This allows an attacker to bypass this security policy and execute arbitrary code if a victim clicks an attacker-supplied URL.
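The two flaws described in the advisory, next to a check that avoids both, as an added example (not Skype's code and not part of the original advisory). The function names, the extension lists and the sample URLs are all constructed for illustration; `.xyz` is a placeholder for any executable type missing from the blocklist.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Constructed, deliberately incomplete blocklist (the advisory's second flaw).
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com"}
# Constructed allowlist: the only types opened without a warning.
ALLOWED_EXTENSIONS = {".txt", ".png", ".jpg", ".pdf"}

# Constructed sample links.
SAMPLE_URLS = [
    "file:///C:/share/notes.txt",
    "file:///C:/share/tool.exe",
    "file:///C:/share/tool.EXE",   # same type, different case
    "file:///C:/share/tool.xyz",   # placeholder for a type the blocklist omits
    "file:///C:/share/README",     # no extension at all
]


def extension_of(url: str) -> str:
    """Return the extension of the URL's decoded path, exactly as written."""
    path = unquote(urlsplit(url).path).replace("\\", "/")
    return posixpath.splitext(path)[1]


def flawed_needs_warning(url: str) -> bool:
    """Case-sensitive blocklist match, as the advisory describes the check."""
    return extension_of(url) in BLOCKED_EXTENSIONS


def hardened_needs_warning(url: str) -> bool:
    """Default-deny: warn unless the case-folded extension is allowlisted."""
    return extension_of(url).casefold() not in ALLOWED_EXTENSIONS


def compare(urls):
    """Return (url, flawed_result, hardened_result) for each URL."""
    return [(u, flawed_needs_warning(u), hardened_needs_warning(u)) for u in urls]


if __name__ == "__main__":
    for url, flawed, hardened in compare(SAMPLE_URLS):
        print(f"{url:32} flawed_warns={flawed!s:5} hardened_warns={hardened}")
```

Normalising case fixes only the first flaw; the allowlist is what removes the dependence on enumerating every executable format.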
