Re: It seems like it would be slightly difficult to exploit
All sites running versions up to CE 1.9.1.0 are vulnerable... Until patched.
Your highly paid for Enterprise version also is a wide open swinging barn door.
And Magento suffers regression errors: when you upgrade, the core patched files are overwritten, which causes your website to be open to the wide world all over again until re-patched with ALL the patches that apply to your current version.
The patch is a shell script patch that needs to be manually run with crossed fingers in the hopes it doesn't blow chunks.
After patching, you still aren't in the clear... Your fully patched website is still vulnerable.
If you're running the kludge compiler, recompile. Then clear your Magento cache, best if done by manually deleting the cache subfolders just to be sure. Then, if you're running an opcode cache, better clear that as well.