Sunday, January 20th 2008
Skype Cross-zone Scripting Vulnerability Found
Security researcher Aviv Raff has discovered and demonstrated a flaw in Skype that allows malicious code to execute when the software embeds video into a chat. The problem lies in Skype's web control: the program uses Internet Explorer to render both internal and external HTML, but does so under "Local Zone" security settings, so script in externally supplied content runs with the elevated trust normally reserved for local files rather than under Internet Zone restrictions. Full information on the "Skype cross-zone scripting vulnerability" is posted here, where you can also watch proof-of-concept footage of Skype launching the Windows calculator. The bug currently affects Skype v.3.6.0.244 and may be present in older versions of the client as well. At this point, the workaround is to avoid using the "Add Video to Chat" Skype feature. Simply having the program installed or using its other functions will not expose a system to potential infection.
Source: Ars Technica
3 Comments on Skype Cross-zone Scripting Vulnerability Found
Skype provides a full description on its Security Blog of the vulnerability and the steps that have been taken to address the problem so it doesn't affect users.