diff --git a/oletools/msodde.py b/oletools/msodde.py
index 90d8501..a38ed45 100644
--- a/oletools/msodde.py
+++ b/oletools/msodde.py
@@ -833,7 +833,8 @@ def process_rtf(file_handle, field_filter_mode=None):
 CSV_SMALL_THRESH = 1024
 
 # format of dde link: program-name | arguments ! unimportant
-CSV_DDE_FORMAT = re.compile(r'\s*=(.+)\|(.+)!(.*)\s*')
+# can be enclosed in "", prefixed with + or = or - or cmds like @SUM(...)
+CSV_DDE_FORMAT = re.compile(r'\s*"?[=+-@](.+)\|(.+)!(.*)\s*')
 
 # allowed delimiters (python sniffer would use nearly any char). Taken from
 # https://data-gov.tw.rpi.edu/wiki/CSV_files_use_delimiters_other_than_commas
diff --git a/tests/msodde/test_csv.py b/tests/msodde/test_csv.py
index a760e6c..ee46e07 100644
--- a/tests/msodde/test_csv.py
+++ b/tests/msodde/test_csv.py
@@ -131,6 +131,17 @@ class TestCSV(unittest.TestCase):
         self.assertTrue(have_start_line) # ensure output was complete
         return result
 
+    def test_regex(self):
+        """ check that regex captures other ways to include dde commands
+
+        from http://www.exploresecurity.com/from-csv-to-cmd-to-qwerty/ and/or
+        https://www.contextis.com/blog/comma-separated-vulnerabilities
+        """
+        kernel = "cmd|'/c calc'!A0"
+        for wrap in '={0}', '@SUM({0})', '"={0}"', '+{0}', '-{0}':
+            cmd = wrap.format(kernel)
+            self.assertNotEqual(msodde.CSV_DDE_FORMAT.match(cmd), None)
+
 # just in case somebody calls this file as a script
 if __name__ == '__main__':
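Review bot: The character class `[=+-@]` in the new CSV_DDE_FORMAT does not express the four prefixes the comment above it lists: inside brackets `+-@` is a range from `+` (0x2B) to `@` (0x40), so the class also admits `,`, `.`, `/`, the digits `0`-`9`, `:`, `;`, `<`, `>` and `?`. A cell like `12|cmd!A0` therefore matches and would be reported as a DDE link, while the comment promises only `=`, `+`, `-`, `"` and `@SUM(...)` are treated specially; for a detector that is a false-positive source the next maintainer will not expect. Escape or reposition the hyphen so only the intended characters are accepted: `CSV_DDE_FORMAT = re.compile(r'\s*"?[=+\-@](.+)\|(.+)!(.*)\s*')`. If the broader class is deliberate (e.g. to catch other leading characters Excel may evaluate), the comment should say so rather than listing four prefixes.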
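Review bot: test_regex only asserts that each wrapped payload matches, so it cannot detect that the production pattern's `[=+-@]` accepts a whole character range (`+` through `@`, including digits) instead of four prefixes; a negative case such as `self.assertIsNone(msodde.CSV_DDE_FORMAT.match("12|cmd!A0"))` would pin what must not be flagged and fail against the range bug. On style, `self.assertNotEqual(..., None)` reads more naturally as `self.assertIsNotNone(msodde.CSV_DDE_FORMAT.match(cmd))`, and wrapping the loop body in `with self.subTest(wrap=wrap):` reports which prefix failed instead of stopping at the first. The test also never inspects the captured groups, so e.g. group(1) being `SUM(cmd` for the `@SUM(...)` form goes unchecked; whether that matters depends on how the caller uses the groups, which is outside this hunk. The enclosing class TestCSV starts before the hunk.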