There are two interesting exploits/ vulnerabilities discovered recently. 1- .lnk exploit( involves a dll execution too). 2- dll vulnerability HIPS and behav blockers are usually not meant to handle malicious dll execution, though many of classical HIPS can be configured to intercept dll execution/ loading but due to the insane no of pop up alerts it,s not practical at all. I have tried the POCs for both exploits with Comodo Defence Plus v 4, EQSecure and GesWall. CIS v 5 is great but sadly it has no control for dll execution. No way to intercept both these exploits via CIS 5. Here is .lnk exploit POC that executes a test dll named dll.dll.