"In a session at the RSA conference in San Francisco, Qualys CTO
Wolfgang Kandek revealed that many browser users don't have updated
plug-ins. Kandek's data was derived from over 200,000 browser
visits to the Qualys BrowserCheck service between July of 2010 and
January of 2011. BrowserCheck checks user's browser to see if
they're running up-to-date plug-ins.
"According to Qualys' data, 42 percent of users were running
vulnerable out-of-date Java plug-ins. Adobe's Reader was in second
at 32 percent followed by Apple QuickTime at 25 percent. Adobe
Flash came in fourth at 24 percent."