Like many flaws of this nature, it can lead to code execution and ultimately system compromise:
Exploitation of this vulnerability could allow remote attackers to execute arbitrary code with the credentials of the currently logged on user.
Exploitation occurs simply by viewing a malicious message that contains a specially constructed UTF-8 string.
Whether or not people have been affected by this flaw isn't posted on the Trillian blog. If you are using a 3.x branch of Trillian you should update when you can.