The company released the advisory on Nov. 2, months after the flaws were reported by eEye Digital Security and Sec Consult in June. In a bulletin on its website, Macromedia said the vulnerability on Flash Player versions 7.0.19.0 and earlier left PCs open to third-party hijackings.
"There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorized code that would have been executed by Flash Player," the bulletin reads.
Macromedia recommended that users download Flash Player 8, which contains a fix for the vulnerability. Users of PCs that do not support Flash Player 8, such as Windows 95 or NT or classic Macintosh operating systems should refer to the Flash Player 7 update Technote, according to the advisory.
Steve Manzuik, product manager with eEye, said he believes many companies are not responding quickly enough to vulnerabilities.
"I think it was probably a matter of finding the right patch," he said. "In general, I think everyone is taking too long to respond," he said.
