To create such a connection one would first have to construct a web query file (.iqy), as explained in this guide, and then import it with the "Data -> Get external data -> Run saved query" menu command.
For any SharePoint list, when I click on the 'Export to Excel' button on the 'List' ribbon, I am prompted to download the owssvr.dll file. When it download it will download as owssvr.dll instead of owssvr.dll.iqy. When I try to open owssvr.dll, I get the following error in Excel.
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.
Adversaries may employ various forms of Masquerading and Obfuscated Files or Information to increase the likelihood that a user will open and successfully execute a malicious file. These methods may include using a familiar naming convention and/or password protecting the file and supplying instructions to a user on how to open it.
APT29 has used various forms of spearphishing attempting to get a user to open attachments, including, but not limited to, malicious Microsoft Word documents, .pdf, and .lnk files.  
menuPass has attempted to get victims to open malicious files such as Windows Shortcuts (.lnk) and/or Microsoft Office documents, sent via email as part of spearphishing campaigns.
Monitor for newly constructed files that are downloaded and executed on the user's computer. Endpoint sensing or network sensing can potentially detect malicious events once the file is opened (such as a Microsoft Word document or PDF reaching out to the internet or spawning powershell.exe).
In our annual roundup report for 2017, we found that the most common file types used in malware-related spam campaigns are .XLS, .PDF, .JS, .VBS, .DOCX, .DOC, .WSF, .XLSX, .EXE, and .HTML. In August, we also reported about .EGG files delivering GandCrab v4.3 ransomware. But cybercriminals are expanding the file types they abuse. The following details how cybercriminals make use of old file types in brand-new ways, proving that they are regularly experimenting to evade spam filters.
Cybercriminals also use .Z files maliciously. .Z file extensions are compressed Unix-based machine files, though it has been outshined by the GNU Gzip compression in terms of popularity among users. Because it appears to have a double file extension (such as .PDF.z), users may be tricked into thinking that they're opening a PDF instead of a .Z file.