Macromedia Flash has critical vulnerability

Internet Explorer and Opera users have been urged to upgrade to protect against a newly discovered flaw.

The vulnerability, in Flash Player version 7.0.19.0 and earlier, could allow a hacker to compromise a user's PC.

Macromedia confirmed the existence of the flaw, which it classified as critical, on Friday afternoon. It recommends the users upgrade to version 8.0.22.0.

"There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorised code that would have been executed by Flash Player," Macromedia warned.

To see more details on the vulnerability, and download the updated version, click here. Security firm Secunia also classifies the vulnerability as highly critical.

"The Flash Player plug-in is used by more people than [just those using] Internet Explorer," said Thomas Kristensen, Secunia's chief technical officer. According to Secunia, only those who use the IE and Opera Web browsers are vulnerable to the Macromedia flaw, since other browsers, such as Firefox, do not include Flash player in their default set-up.

Kristensen added that he was surprised that Macromedia had issued the patch on Friday afternoon, as many potential victims might have been returning home and not learned about the problem until Monday, or later.

"The bad guys have had a whole weekend to write exploits," Kristensen said.

eEye Digital Security, a research firm, says it told Macromedia about the existence of the flaw on 27 June.