trick with IE

[vah13]

Here I wrote an example how can open docx (and others files) file in target using simple metadata https://vah13.github.io/office-meta/docx.html I think it's another way to execute code using DDE.

Can it include in payloads of DDE?

[0xdeadbeefJERKY]

How you deliver/host the Word document is entirely up to the user. I haven't dabbled much in this technique, but if it only works with a combination of Word 2016 and IE, you're already reducing the chances of success during a phishing campaign/emulated attack. You're more than welcome to use this script to generate the payload and host on your server using this technique though!