CVE 2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
See the
CVE page on Mitre.org
for more details.