Urchin 5 uses Adobe's SVG viewer for enhanced report displays when the proper Adobe SVG Viewer has been installed on the user's computer and a browser that supports SVG is being used.
Several vulnerabilities have been discovered in the Adobe SVG Viewer application for the Windows platform. Please see the notes regarding these vulnerabilities on the Adobe SVG Viewer download area web page at:
Impact on Urchin Customers
While there is no flaw in the Urchin 5 software itself, most Urchin 5 users will have installed the Adobe SVG Viewer to enable the enhanced reporting graphics of Urchin 5, and thereby are open to the vulnerabilies described above. Urchin Software Corporation strongly recommends that all customers upgrade to SVG Viewer 3.01 or later to mitigate the vulnerabilities.
It should also be noted that Urchin 5 uses only EMBED tags when using SVG graphics, which is in compliance with Adobe's recommendation on this issue.
Determining the Adobe SVG Viewer version
In order to determine what version of Adobe's SVG Viewer is on a Windows computer, bring up an Urchin 5 report in Internet Explorer. Right-click on the graph area of the Urchin report, and select "About Adobe SVG Viewer...". At the top of the resulting pop-up window, a version will be printed. If the version is "3.0 Build 76", an upgrade is needed. As of the writing of this security notice, "3.01 Build 81" is the current SVG Viewer that addresses the vulnerabilities.