BUG - msodde - Output Format - Repeats/Merged #871

@InvalidAccountNameEntered

Description

Affected tool:
msodde

Describe the bug

Output will repeat DDE matches several times.
For example, a docx file with 2 DDEs A & B would result in:

...
DDE Links:
A
B
A
B

This appears similarly with the JSON option

...
,	{"msg": "A B", "level": "warning", "type": "dde-link"}
,	{"msg": "A B", "level": "warning", "type": "dde-link"}

If there were 3 DDEs, the DDE links would repeat 3x in total [thus 9 lines], 4 DDEs repeat 4x [thus 16 lines], ... etc

File/Malware sample to reproduce the bug
Please attach the file in a password protected zip archive, or provide a link where it can be downloaded (e.g. Hybrid Analysis, preferably not VirusTotal which requires paid access). If not possible, please provide a hash.

How To Reproduce the bug

  1. Create a new word file
  2. Insert
  3. Quick Parts
  4. Field > Formula
  5. Right click on the new element > Toggle Field Codes
  6. Replace the values within the {} with [ignore the backtick markup, & replace w a proper DDE if needed]: DDEAUTO C:\WINDOWS\system32\cmd.exe /k "echo 'hello world'"
  7. Add another DDE [i.e. repeat steps but with goodbye world instead]
  8. Save the file as test.docx
  9. Use the following cmds on that file:
     msodde test.docx
     msodde -j test.docx

& see the output repeat [& merge/concatenate in the JSON case] the DDEs detected

Expected behavior

Normal format output will not display DDEs repeatedly [should only print each DDE 1x, rather than by # of total DDEs]
JSON format output will split the DDEs properly [into separate messages & not repeat within a msg] - i.e.

...
,	{"msg": "A", "level": "warning", "type": "dde-link"}
,	{"msg": "B", "level": "warning", "type": "dde-link"}

Console output / Screenshots
N/A

Version information:

  • OS: Linux
  • Python version: 3.8
  • oletools version: v0.60.2

Additional context
Can add some limited info if needed [& maybe some corrections once I find my notes]
