Remember the DDEAUTO vulnerability?
DDEAUTO, short for automatic dynamic data exchange, is a command you can put right inside the data of an Office file to get it to pull data out of another file.
According to Microsoft’s official documentation, DDEAUTO is only supposed to work within the same app, or between two apps that are already active: