A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content.

https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/