Data from user's certificate is used to invoke external application without filtering.
vulners.com/securityvulns/securityvulns:doc:7761