There is a configuration bug on multiple platforms allowing code execution with lynxcgi: URL handler.
vulners.com/securityvulns/securityvulns:doc:10205