I had test with default settings except Firewall / Advanced / Firewall Behavior Sett. and i ticked

Protect the ARP Cache + Block Gratuitous ARP Frames
Block Fragmented IP Datagrams
Do Protocol Analysis

Then i got this result. It was very surprising … ???

Too bad for novince users who likes to use with default settings.

In the other test i sanboxed the clt.exe and the result is 320/340

  1. Impersonation: DDE Vulnerable
  2. Impersonation: Coat Vulnerable