Strictly referring to the antivirus component, CIS is helpless against program/OS exploits like this one, simply because it lacks any mechanism to block the vulnerable program in question from parsing and executing the exploit file. For this you need a HTTP scanner, or dedicated anti-exploit functions like McAfee’s ScriptScan, Symantec’s Browser Defender (?), etc. But of course, Comodo has SafeSurf and D+, so this is not as big a problem as it might otherwise be.
That’s somewhat of a liberal extension. Some AVs are definitely useless. But all? Hardly.