There is a URL protocol handler command injection vulnerability in Internet Explorer for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage.
97817c440ccad36fa887930439c3bdaf4a4453e3d8bf7987f58f1e95ea0330a9