Microsoft · Skype For Windows · CVE-2005-3265
**Name of the Vulnerable Software and Affected Versions**
Skype for Windows versions 1.1.x.0 through 1.4.x.83
**Description**
The issue allows remote attackers to execute arbitrary code via (1) "callto://" and (2) "skype://" links, or (3) a non-standard VCARD, possibly due to an underlying error in the `SysUtils.WideFmtStr` Delphi routine.
**Recommendations**
For Skype for Windows versions 1.1.x.0 through 1.4.x.83, consider disabling the handling of "callto://" and "skype://" links, as well as non-standard VCARDs, until a patch is available. Restrict access to the `SysUtils.WideFmtStr` Delphi routine to minimize the risk of exploitation.