BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.