It looks like that Skype can be made to execute arbitrary code through a buffer overflow when the software is called upon to handle malformed URLs that are in form of callto:// and skype://.
In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.
The link for this article located at Net-Security.org - LogError is no longer available.