Security consultancy firm Next Generation Security Software (NGSS) has discovered "multiple high risk vulnerabilities" in the Windows version of the popular Eudora email client.
According to NGSS representative John Heasman, versions affected include Eudora 6.2.0 and below.
Heasman warned that the flaws permit hackers to execute arbitrary code on victims' PCs via previewing or opening a specially crafted email. Hackers can also run malicious programs by opening specially crafted stationary or mailbox files.
NGSS said that it was going to withhold details of the flaws for three months in a bid to prevent hackers exploiting them. The company promised to publish full details on 2 May.
"This three-month window will allow users of Eudora to apply the patch before the details are released to the general public. This reflects our approach to responsible disclosure," said Heasman.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all