I wonder how vulnerable banks and bitcoin wallet companies like coinbase are?
To make use of this vulnerability the attacker has to have already breached your network, therefore you've already failed at life. If it wasn't this, it would be something else at that point. It's dumb that it took them 7 years to fix it but the fact that in 7 years you haven't heard of it actually being used tells you the issue is now being blown out of proportion. There's generally far easier ways to breach a network.
I'd be far more concerned with the grossly outdated software many banks run and how easy they are to social engineer. At least the small/medium ones. I can't speak to the major ones (Chase, BofA, etc).