diff --git a/oletools/msodde.py b/oletools/msodde.py
index 303d97476..839deb276 100644
--- a/oletools/msodde.py
+++ b/oletools/msodde.py
@@ -309,6 +309,12 @@ def process_args(cmd_line_args=None):
 # separator is present. The field begin character, field end character, and
 # field separator are collectively referred to as field characters.
+# Begin = 0x13
+# Sep = 0x14
+# End = 0x15
+# Field = * [Sep] *
+# FieldList = *
+
 def process_doc_field(data):
 """ check if field instructions start with DDE
@@ -350,8 +356,12 @@ def process_doc_stream(stream):
 char = ord(char)
 if char == OLE_FIELD_START:
- if have_start and max_size_exceeded:
- logger.debug('big field was not a field after all')
+ if have_start:
+ if max_size_exceeded:
+ logger.debug('big field was not a field after all')
+ else:
+ logger.debug('It has multiple starts!')
+ continue
 have_start = True
 have_sep = False
 max_size_exceeded = False
diff --git a/tests/msodde/test_basic.py b/tests/msodde/test_basic.py
index 7eed57998..a990c914f 100644
--- a/tests/msodde/test_basic.py
+++ b/tests/msodde/test_basic.py
@@ -28,6 +28,7 @@ def test_valid_doc(self):
 'dde-test-from-office2003.doc.zip',
 'dde-test-from-office2016.doc.zip',
 'dde-test-from-office2013-utf_16le-korean.doc.zip',
+ 'dde-test-from-office365-nested-field.doc.zip',
 ):
 with decrypt_sample(join('msodde', filename)) as temp_name:
 self.do_test_validity(temp_name)
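Review bot: The grammar comment as shown reads `Field = * [Sep] *` and `FieldList = *`, with nothing between the stars, so the nonterminals appear to have been lost (possibly angle-bracketed names stripped in rendering) and a reader cannot tell what nests inside what. Since the start-marker handling in the second hunk of this file relies on fields being nestable, state that in plain words, e.g. `# A field's instruction or result may itself contain further fields (nesting).`. It would also help to tie the byte values to the names the code tests against, e.g. `# Begin = 0x13 (OLE_FIELD_START)`, if that is indeed the constant's value. process_doc_field continues outside the hunk.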
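Review bot: The new `continue` sits after the inner if/else, so it also fires when have_start and max_size_exceeded are both set, the case the old code handled by falling through and restarting the field with `have_start = True`; after an oversized field the loop now skips every later start marker instead of recovering. If that recovery is still wanted, move the statement under the else branch so only a genuine nested start is ignored: `else:` / `logger.debug(...)` / `continue`. Ignoring the nested start also means the next end marker (handled outside this hunk) presumably closes the outer field early, so a DDE instruction placed after the inner field in the same outer field could go unreported; a nesting counter that increments on start, decrements on end and only finishes the field at depth zero would avoid that, and is worth a follow-up since the end branch is not in this diff. The message would also be clearer as `logger.debug('nested field start inside field, ignoring')`. process_doc_stream starts and ends outside the hunk.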
@@ -167,6 +168,15 @@ def test_with_dde_utf16le(self):
 self.assertNotEqual(len(self.get_dde_from_output(output)), 0,
 msg='Found no dde links in output of ' + filename)
+ def test_with_dde_nested_field(self):
+ """ check that ddeauto appear on stdout """
+ filename = 'dde-test-from-office365-nested-field.doc.zip'
+ with decrypt_sample(join('msodde', filename)) as temp_file:
+ output = msodde.process_maybe_encrypted(temp_file,
+ field_filter_mode=msodde.FIELD_FILTER_BLACKLIST)
+ self.assertNotEqual(len(self.get_dde_from_output(output)), 0,
+ msg='Found no dde links in output of ' + filename)
+
 def test_excel(self):
 """ check that dde links are found in excel 2007+ files """
 expect = ['cmd /c calc.exe', ]
diff --git a/tests/test-data/msodde/dde-test-from-office365-nested-field.doc.zip b/tests/test-data/msodde/dde-test-from-office365-nested-field.doc.zip
new file mode 100644
index 000000000..74080acf5
Binary files /dev/null and b/tests/test-data/msodde/dde-test-from-office365-nested-field.doc.zip differ
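Review bot: test_with_dde_nested_field only asserts that some DDE link was extracted, which would still pass if the nested-field parsing returned a truncated or partial instruction, and the one property this sample exists to check is that the command inside the nested field comes out intact. Compare against the known content instead, e.g. `self.assertEqual(self.get_dde_from_output(output), [EXPECTED_NESTED_LINK])` with EXPECTED_NESTED_LINK filled in from the sample file. The docstring "check that ddeauto appear on stdout" reads as copied from the neighbouring test and does not mention nesting; `""" check that a dde link inside a nested field is found """` states what the test is for.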