Vulnerability in Google Apps

October 9th, 2009

Google Apps, a Google service for using several Google products (including Gmail, Google Calendar, Google Talk and Docs) with custom domain names, is vulnerable to remote command injection.
A specially crafted web page can be used to trigger this vulnerability. The specific flaw is an error in the way “googleapps.exe” handles arguments, e.g. the “--renderer-path” argument, received via the “googleapps.url.mailto:” URI. Successful exploitation might allow an attacker to execute malicious binaries or applications from a remote location. Technical details for this vulnerability are publicly available, along with a Proof-of-Concept.

At this time Google has not confirmed the vulnerability, and no updates are available.
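
With no update available, process-creation telemetry can be checked for the condition described above. The following is an added example, not code from the advisory or from Google: it flags launches of googleapps.exe whose command line carries both the googleapps.url.mailto: URI and the --renderer-path switch. The event layout, the paths and the sample records are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import unquote

URI_SCHEME = "googleapps.url.mailto:"   # URI scheme named in the advisory
RISKY_SWITCH = "--renderer-path"        # switch named in the advisory
BINARY = "googleapps.exe"               # binary named in the advisory
# The switch must appear as its own token, with or without "=value".
SWITCH_RE = re.compile(r'(?:^|[\s"])' + re.escape(RISKY_SWITCH) + r'(?:[=\s"]|$)')

# Constructed process-creation records: (image path, full command line).
# The record layout and every path below are assumptions for illustration.
EXE = r"C:\constructed\googleapps.exe"
SAMPLE_EVENTS = [
    (EXE, rf'"{EXE}" "googleapps.url.mailto:user@example.com"'),
    (EXE, rf'"{EXE}" "googleapps.url.mailto:x" --renderer-path=C:\constructed\p.exe'),
    (EXE, rf'"{EXE}" googleapps.url.mailto:x%20--renderer-path=C:\constructed\p.exe'),
    (r"C:\constructed\other.exe", r'other.exe --renderer-path=C:\constructed\p.exe'),
]


def normalise(command_line):
    """Percent-decode up to three times (double encoding) and lower-case."""
    text = command_line
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()


def is_suspicious(image, command_line):
    """True when googleapps.exe was started with the URI-handler argument
    and the same command line also contains the renderer-path switch."""
    if ntpath.basename(image).lower() != BINARY:
        return False
    text = normalise(command_line)
    return URI_SCHEME in text and SWITCH_RE.search(text) is not None


def scan(events):
    """Return the indexes of the events that should be reviewed."""
    return [i for i, (image, cmd) in enumerate(events) if is_suspicious(image, cmd)]


if __name__ == "__main__":
    for index in scan(SAMPLE_EVENTS):
        print("review:", SAMPLE_EVENTS[index][1])
```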

References:
Retrogod Security Advisory
http://retrogod.altervista.org/9sg_google_apps_uri.html
Wikipedia Article on Google Apps
http://en.wikipedia.org/wiki/Google_Apps
Product Home Page
http://www.google.com/apps/
SecurityFocus BID
http://www.securityfocus.com/bid/36581
