Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
http://www.securityfocus.com/bid/5999
http://www.securityfocus.com/bid/5998
http://www.iss.net/security_center/static/10402.php