A hole in Microsoft's Windows SMB2 protocol was the most attacked vulnerability last year, followed by holes in Adobe Reader and Flash Player, Internet Explorer 7 and Windows MPEG-2 ActiveX Control, according to a Symantec report to be released on Tuesday.
Of web-based attacks, suspicious PDF file downloads was the top method, representing nearly half of such attacks, followed by six attacks on Internet Explorer (IE), one targeting Adobe Shockwave Flash (SWF), and two targeting MPEG-2 ActiveX Controls, the Symantec Global Internet Security Threat Report found.
Despite being the most attacked browser, IE had 45 reported vulnerabilities, compared with 169 vulnerabilities reported for Firefox. "This shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well," the report said.
For more on this story, see Adobe Reader, IE dominated attacks list in 2009 on CNET News.
Talkback
Isn't IE7 built using the IE6 engine? As IE6 was probably the worst offender in MS's line up of insecure software, it stands to reason it would be the most exploited. And, once more active-X controls are right up there. Active-X has been a security hole since its inception, and continues to be exploitable. Also the C-NET article talks of "computer vulnerabilities", instead of "windows based systems".