First up we have a report from Secunia that sort of states what I've always strongly suspected - that 3rd party applications are more likely to be vulnerable to exploitation. http://www.pcworld.com/article/id,132025-pg,1/article.html
The reason? Many 3rd party application lack automatic updating functionality or didn't get it until very recently. Some (*cough* QuickTime *cough*) either still don't work right when logged in as a standard user or just plain don't work. :) Back when I used to have QuickTime installed - it didn't work right for me - even as an Admin (and that was on XP) . . . I haven't installed it in a long time now so I dunno if they've addressed the issues with the latest 7.x builds.
Given evidence like this - it wouldn't surprise me if this year we continue to see attackers focusing increasingly on non-Microsoft applications with their exploit love and affection.
Next up - an amusing 'experiment' conducted using Google advertising: http://neowin.net/index.php?act=view&id=40415Drive-by downloads served up via on-line ads - I've always wondered why this isn't used and abused more often? Maybe it is and it's just not reported? I mean I know of specific casess where online ads were used with IE vulns to install malware . . . but it's not as common as hacked PHP web sites. :(