Ancient Excel bug drags itself out of the grave
CISA has added CVE-2009-0238, a 17-year-old Microsoft Excel remote code execution flaw, to its Known Exploited Vulnerabilities catalogue after fresh in-the-wild abuse. The bug is a reminder that legacy Office software, forgotten viewers, and neglected compatibility packs remain a genuine security risk long after most people assume they have faded away.