Macromedia has warned of a critical bug in its Flash Player — one of the most widely used pieces of software on the desktop — that could allow attackers to take over a system.eEye, the security research firm co-credited with discovering the bug, said it had demonstrated “reliable exploitation” using the bug in the Internet Explorer browser, but other browsers are also said to be just as open to attack. Macromedia also credited Sec Consult with the discovery.The flaw affects all Windows versions of Flash Player 6.x and Flash Player 7.0.19.0 and earlier, but has already been addressed in Flash Player 8 (8.0.22.0), according to eEye. Macromedia recommended upgrading to Flash Player 8 but also released an update to Flash Player 7 fixing the bug. Flash Player 8 isn’t supported by older operating systems such as Windows 95 and Windows NT. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe The bug is due to missing validation of the frame type identifier read from a SWF file, which could be used to force the player to use attacker-supplied values as function pointers, according to eEye. Exploitation via a malicious SWF file could allow an attacker to execute malicious code with the same privileges as the user running Flash Player. “There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, leaving open the possibility that a third party could inject unauthorized code that would have been executed by Flash Player,” Macromedia said in its advisory.Secunia, which operates a vulnerabilities database, gave the bug a “highly critical” rating. As of Monday morning, Secunia said the flaw had been confirmed using Opera and Internet Explorer browsers. By Matthew Broersma, Techworld.com Related content opinion The changing face of cybersecurity threats in 2023 Cybersecurity has always been a cat-and-mouse game, but the mice keep getting bigger and are becoming increasingly harder to hunt. By Dipti Parmar Sep 29, 2023 8 mins Cybercrime Security brandpost Should finance organizations bank on Generative AI? Finance and banking organizations are looking at generative AI to support employees and customers across a range of text and numerically-based use cases. By Jay Limbasiya, Global AI, Analytics, & Data Management Business Development, Unstructured Data Solutions, Dell Technologies Sep 29, 2023 5 mins Artificial Intelligence brandpost Embrace the Generative AI revolution: a guide to integrating Generative AI into your operations The CTO of SAP shares his experiences and learnings to provide actionable insights on navigating the GenAI revolution. By Juergen Mueller Sep 29, 2023 4 mins Artificial Intelligence feature 10 most in-demand generative AI skills Gen AI is booming, and companies are scrambling to fill skills gaps by hiring freelancers to make the most of the technology. These are the 10 most sought-after generative AI skills on the market right now. By Sarah K. White Sep 29, 2023 8 mins Hiring Generative AI IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe