Email Security Testing

[Scorp666]

I found the following site that tests you email client security :

http://www.gfi.com/emailsecuritytest/

I found myself to be somewhat vulnerable to the exploit that opens the calculator (see test) IF I execute the attached document.

I was wondering if all the exploits are really exploits or only hype to sell the product?

I agree that this could be useful to a network administrator that has computer illiterate users but do you guys think this would be useful for someone that knows exactly what the files they are opening or saving are?

Your opinions will be appreciated!

[Tedob1]

when you consider the fact that the calculator could really be any program with params i'd call that a vulnerability. i do believe that many of these are found and exploited for the purpose of selling security services and such, but that they really do exist as vulnerabilities. i dont believe they are included in the software for this purpose or fabricated.

[Scorp666]

They executed the calculator to prove that the exploit can open any executable on the HD. Off course I was asked before I executed if I really wanted to execute it which to me isn't really a vulnerability since I still had control over the process.

I am not sure I would call that a vulnerability, would you?

[Tedob1]

ive used that code testing it in emails to co-workers, who were also curious, and nothing was asked before the program executed (cmd.exe). so yes i would.