Israel-based security researcher Aviv Raff has discovered a weakness in the way Skype renders internal and external HTML pages that makes it particularly vulnerable to hackers.
Skype runs HTML pages in a non-locked Local Zone mode, which means that anyone able to inject malicious code into a page rendered in the Local Zone could potentially execute code on the user's computer.
A proof of concept was made public by Raff and fellow researcher Miroslav Lucinskij, with more information available in a Skype security bulletin entitled "Skype Cross Zone Scripting Vulnerability".
Ars Technica reports that although this would require malware authors to find a trusted site which can be infected via a cross-zone scripting error, it is not particularly difficult to find such sites.
Computerworld mentions security researcher and penetration tester Petko Petkov, who pointed to how easy it was to build an attack: "When a given resource executes within the Local Zone context, all sorts of things are possible like, including but not only, reading/writing files from the local disc and launching executables through the WSH primitives."
The vulnerability affects all versions of Windows-based Skype, including the most up-to-date version, 3.6, and was given a score of 10, the highest rating allowed.
The only way to make sure that your computer is not compromised is not to search for videos within Skype for the foreseeable future.