At the time of posting, two document formats were known to allow
Microsoft Word (.docx) and
Rich Text Format (.rtf). The latter is more dangerous for the potential victim because it allows execution of a malicious command even without opening the document — just previewing it in Windows Explorer is enough.
Other Poc Follina