The flaw is not that easy to exploit. Seemingly, in order for an attack based on the flaw to be carried out, an attacker must authorise the target on his or her contact list, which doesn't require authorisation from the target, and then get the target to visit a website under the attacker’s control. Further to this, the attacker must also know the location of whatever files he or she wants from the victim's machine. Perhaps this might be used to read the user's Skype config file, or to gain access to some operating systems files that could facilitate further attacks.
More information may be found here.