NVISO blog post: Detecting DDE in MS Office documents
ISC diary entry: DDE and oledump
Blog post: Update: XORSelection.1sc Version 6.0
If you want to skip the part explaining my script XORSelection, you can jump directly to the dynamic XOR-key explanation.
ISC diary entry: Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working