This is a well-established attack vector, as shown by the latest exploits of another zero-day vulnerability in Adobe's Reader and Acrobat software, said Paul Vlissidis, technical director at NGS Secure.
"It points to what is now a major threat area; vulnerabilities in third-party products that people have on their desktops", he said.
Operating system suppliers all have reasonably effective patching regimes, said Vlissidis, but it now falls to businesses to also check that all their other software is fully patched at all times.
"For corporate users, it underlines the need to have tight controls over all software products running across business networks", he said.
This is especially important, said Vlissidis, for software that has access to the internet either directly, or via plug-ins supporting browsers and email attachments.
This story was first published by Computer Weekly