A seventeen year old vulnerability was patched in the Microsoft Equation Editor yesterday.
For a semi-technical overview, see Office Equation Editor Security Bug Runs Malicious Code Without User Interaction by Catalin Cimpanu.
For all the details and a back story useful for finding vulnerabilities, see: Skeleton in the closet. MS Office vulnerability you didn’t know about by Embedi.
Walking through the steps in the post to “re-discover” this vulnerability is good exercise.
It’s not the fault of Microsoft that its users fail to patch/upgrade Microsoft products. That being said, CVE-2017-11882, with a seventeen year range, should be added to your evergreen list of Microsoft vulnerabilities.