Macromedia Flash ships with all recent Windows IE versions, so it's likely you have it installed. The vulnerable Flash player also ships with the Opera Web browser. If you've disabled ActiveX it may be turned off.
Summary:
A flaw was flagged in Macromedia Flash Player 7.0.19.0 and earlier versions.
"Users who have already upgraded to Flash Player 8 are not affected by this issue. Macromedia recommends all Flash Player 7 and earlier users upgrade to this new version," the company said.
This is a gaping hole (classed as "critical") that could allow a malicious intruder to do very nasty things.
You can check out which version of Macromedia Flash player is currently on your machine by visiting:
The above link will "play a movie showing the Macromedia Flash version installed on your machine." (The movie doesn't move, it just displays your version number.)
At the download center you will be "offered" the Yahoo Toolbar. You MUST UNCHECK the permission to install the Yahoo Toolbar before you start the download if you don't want it. A EULA is displayed, but it is for the Yahoo Toolbar - IT IS NOT THE EULA FOR FLASH.
You will find a notice that downloading the new Macromedia Flash signifies you acceptance of the terms of the Macromedia EULA, but the EULA for the Flash update IS NOT DISPLAYED unless you click on the link to go look at it.
The Macromedia Flash EULA is reasonably ordinary until you get to:
"10 . Third Party Software "The Software may contain third party software which requires notices and/or additional terms and conditions. Such required third party software notices and/or additional terms and conditions are located at www.macromedia.com/go/thirdparty and are made a part of and incorporated by reference into this EULA. By accepting this EULA, you are also accepting the additional terms and conditions, if any, set forth therein."
The third party agreements are not displayed unless you click on the link to go look at them.
The third party software "terms and conditions" include LINKS TO THIRTY TWO SEPARATE EMBEDDED SOFTWARE ITEMS, EACH WITH ITS OWN EULA.
Do I trust Macromedia that there isn't at least one of these that demands that I let them install something I don't want?
I'll get back to you in about a month, after I've read all of the third party agreements, and maybe we'll talk about upgrading Macromedia Flash.
In the meantime, in Internet Explorer you can Click "Tools," Click "Manage Addons," click on whatever is displayed showing "Macromedia, Inc" as the Publisher, and then click on "disable." You may get a notice that you'll have to restart IE, but often it will just restart at whatever page you had open if you're not too quick on the trigger.
Suit yourself about running Flash, and if you run it, you probably should get the update to ver. 8. It is "necessary" for quite a lot of stuff that's out there. But...