Attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace. Among the most common types of files most frequently assailed in the attacks are Microsoft Word, Excel and PowerPoint. Attacks are often sent from spoofed e-mail addresses that appear trustworthy, and live inside documents that havent been tabbed with the same security concerns as Web-based applications in recent years. The attacks are often being distributed inside specific organizations by hackers who disguise the threats as legitimate files.”]
Source: https://www.csoonline.com/article/2121823/malicious-code-hiding-in-word–excel–ppt-and-pdf-files.html