Microsoft patched a security vulnerability tracked as CVE-2017-11882 that affected EQNEDT32.EXE the equation editor that was included with the Microsoft Office suite until 2007. Experts believe Microsoft might have lost the source code to one of its Office components. Microsoft replaced the old component with a new one in 2007, but the older file is still included with all Office installations to allow users to load and edit equations created with the old file. Cyber-security firm Embedi discovered a flaw in this component over the summer that allowed silent attacks on all Microsoft Office and Windows versions.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-appears-to-have-lost-the-source-code-of-an-office-component/