The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.