Thanks will do some reading. And BTW, this is the stuff that anti-exploit tools like HMPA and MBAE try to block.
While I was still working , now retired. I used to get their invites for web seminars all the time. Rapid7
Here is another article: https://community.rapid7.com/community/metasploit/blog/2017/02/22/attacking-microsoft-office-openoffice-with-metasploit-macro-exploits