Skype is advising users to upgrade to a more recent version of its voice-over-IP software to fix a security bug reported late last week by a security researcher in New Zealand. The bug affects several versions of the Skype client for Windows and could allow an attacker to download a file from an affected PC without permission. Skype rated the vulnerability "medium risk."

It stems from a flaw in the way the Skype client handles a type of URI, or uniform resource indicator, which provide a standard way to access resources on the Internet. Skype installs several URI handlers during a typical client installation. To fall victim, a Skype user would have to be tricked into visiting a webpage set up by the attacker, said Brett Moore, a security researcher with Security-Assessment.com, who was credited with finding the hole.

The link for this article located at CIO.com is no longer available.