BUG: Inadvertent Script Execution from Context Menus

C

Crashby

We have a couple of things that add context menu items to
VBS and WSF files. One is Sapien Technologies'
PrimalCode that adds "Edit with PrimalCode" and a local
utility of ours that offers "Sign script". Whenever I
select either of these with Microsoft AntiSpyware Beta1's
Real-time Protection enabled, it throws up a dialog
offering to Allow or to Block the script, including the
option to remember this action. If I Block it and tell
it not to remember the action, nothing is executed, but
right-clicking the script file and selecting the menu
item again reports that the file is blocked. OF GREATER
CONCERN is that if I Allow, rather than editing the
script in PrimalCode or signing it (depending on the menu
item selected) IT ACTUALLY EXECUTES THE SCRIPT!!!!

- Crashby
 
B

Ben

I have seen the same behavior, trying to modify
javascript files in a program like Dreamweaver. The
context menu "Edit with Dreamweaver" is intercepted by
AntiSpyware, and if I say "allow" it actually executes
the script. If I open it a second time it works fine
(presumably because it is allowed at that point).

I definitely think this is a bug.
 
L

Lajus Norvejikus

I have the same behavior when I right click on js and vbs
files and select it for opening with Visual Studio.

For avoiding the problem what I do since then is opening
Visual Studio first and then opening the script files
using File > Open menu option inside VS window.

Pedro L.
 
G

Guest

Thanks for the info, Ben, Pedro. Opening the app first
and opening the script file from there is a good
workaround, but being able to use the context menu would
be a real convenience, and having context menus that
actually execute the script could be downright
dangerous. Here's hoping the developers can address
this. I am hoping one of them may post a reply.

Crashby.
 
M

Martin Tomes

Crashby said:
We have a couple of things that add context menu items to
VBS and WSF files. One is Sapien Technologies'
PrimalCode that adds "Edit with PrimalCode" and a local
utility of ours that offers "Sign script". Whenever I
select either of these with Microsoft AntiSpyware Beta1's
Real-time Protection enabled, it throws up a dialog
offering to Allow or to Block the script, including the
option to remember this action. If I Block it and tell
it not to remember the action, nothing is executed, but
right-clicking the script file and selecting the menu
item again reports that the file is blocked. OF GREATER
CONCERN is that if I Allow, rather than editing the
script in PrimalCode or signing it (depending on the menu
item selected) IT ACTUALLY EXECUTES THE SCRIPT!!!!
Click to expand...

I have foud this problem too. I have an edit context menu entry in
explorer and if I try to edit a .js file and allow then it runs the
script which is very bad:-(
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MS-Anti-Spyware runs script instead of opening it 2
Bug with .vbs scripts 4
Warning: Script file opened by incorrect application 1
Bug?: Editing vbs scripts in Visual Studio 2003 1
Script Blocking has no memory 3
"Edit With Primalscript" Context Menu option handled incorrectly 1
Script Blocking Issue 1
Wrong action when selecting item from context menu 1

Top