Skype 1.1.0.20 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
skype technologies skype