I think that what you are saying is this:
"The inserted code runs within the Flash component (and makes use of
specific features of that component), not within Adobe Reader. Therefore,
any machine that uses the Flash component is vulnerable to the exploit,
whatever the version of the OS."
Your premise is correct, but your conclusion simply doesn't follow. The
delivery and injection of the code depends on a weakness within Reader. If
this weakness does not exist in the version of Reader running on the
machine, then the code cannot be inserted into the Flash component and will
not be executed. In other words, such a machine is not vulnerable to this
Of course, the problem in Flash may make that machine vulnerable to a
different exploit that uses a different injection mechanism, but that's not
the point. The question that needs to be answered is "Is there any evidence
that this exploit is applicable to any versions of Adobe Reader other than
those listed in the Alert?"
MS MVP (Windows - Shell/User)