The security breach came to light Thursday, a little more than a week after flaws were revealed in two other popular e-mail programs, Microsoft's Outlook and Netscape's email client that comes with its Communicator suite.
A Eudora user reported the bug earlier this week, according to San Diego-based Qualcomm Inc., which produces the software.
Someone could send Eudora users email with attachments that could erase files on the recipient's hard disk or plant a virus, said Matthew Parks, manager of Qualcomm's Eudora product line.
The flaw would be triggered when the user clicked on a hostile hyperlink in the email. Instead of linking to a Web page, the action would execute the attached file, which could then do the damage.
"There's been no report of instances of anybody losing data from this problem," Parks said Thursday. "Within two days of hearing about it, we actually will have the problem solved."
Qualcomm planned to release a "patch" on its Web site today that users may download to fix their software.
The flaw affects Eudora 4.0 and 4.0.1, as well as 4.1, which is being circulated in test form, operating on the Windows platform. Earlier versions of Eudora are not affected, nor are Macintosh versions. Market researchers estimate that there are 18 million copies of Eudora in use.
Finnish researchers discovered a programming error could enable a hacker to crash the Microsoft or Netscape mail programs and run a destructive application in its place. Both companies now offer a patch that users can download.
The Eudora problem was different, but "the potential for damage is the same," Parks said.
Written By Michelle Koidin