Aug 19, 2011 19:22 GMT

According to a report from antivirus vendor Kaspersky Lab, the most common unpatched vulnerabilities detected on people's computers are in Adobe and Oracle products.

At the top of the list is the SING 'uniqueName' buffer overflow vulnerability (CVE-2010-2883) which affects older versions of Adobe Reader and Acrobat.

This vulnerability is rated extremely critical and was patched last October in Adobe Reader 8.2.5 and 9.4. Adobe Reader X, the latest version of the product, is not affected.

The presence of this vulnerability on people's machines suggests that despite Adobe's efforts to improve its updating process, users still fail to deploy patches.

This means that it might be a while until the majority of users upgrade to Adobe Reader X, which features sandboxing technology.

Adobe Reader X users are protected from the vast majority of exploits even if their version of the product is theoretically vulnerable.

The second most common vulnerabilities, according to Kaspersky, are located in Oracle's Java, and they were patched in February. Java is a real problem, not only because it is outdated on people's systems, but because it is a favorite target for attackers.

Practically all drive-by download toolkits have one or several Java exploits incorporated. Users should disable the Java browser plug-in if they don't remember ever using it.

The next three vulnerabilities are all located in outdated versions of Flash Player, another extremely popular product that is found on most computers, but is not kept up to date by users.

Like Java and Adobe Reader, Flash Player is also a target for drive-by attackers. People using Google Chrome are somewhat protected by default, because the browser bundles its own special version of Flash Player and keeps it up to date.

Chrome's Flash Player also runs under a limited sandbox, so it is harder to exploit than the regular browser plug-in distributed by Adobe. Users who only use Chrome for browsing should uninstall other versions of the plug-in from their computers.