My current understanding is that an exploit kit will fingerprint (gather information on) a system, check those details against a database of vulnerabilities and then attempt to use the relevant exploits.
I can see simple ways of checking for things like the installed version of Flash using JS but this is really easily defended against (because it's just JavaScript that can be stopped, modified or stepped over by the user).
What other techniques are used to gather information on a user when they find their way to the exploit kit's landing page?
For example, how would it discover what version of Adobe Reader you are using or what browser plugins are installed if you landed on my webpage?