diff --git a/Lib/mailcap.py b/Lib/mailcap.py
index ae416a8e9fb273..de9dfdda54bfc5 100644
--- a/Lib/mailcap.py
+++ b/Lib/mailcap.py
@@ -1,6 +1,8 @@
 """Mailcap file handling. See RFC 1524."""
 import os
+import shlex
+import subprocess
 import warnings
 __all__ = ["getcaps","findmatch"]
@@ -170,7 +172,7 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
 for e in entries:
 if 'test' in e:
 test = subst(e['test'], filename, plist)
- if test and os.system(test) != 0:
+ if test and subprocess.run(shlex.split(test)).returncode != 0:
 continue
 command = subst(e[key], MIMEtype, filename, plist)
 return command, e
@@ -250,8 +252,8 @@ def test():
 print("No viewer found for", type)
 else:
 print("Executing:", command)
- sts = os.system(command)
- sts = os.waitstatus_to_exitcode(sts)
+ arguments = shlex.split(command)
+ sts = subprocess.run(arguments, capture_output=True).returncode
 if sts:
 print("Exit status:", sts)
diff --git a/Misc/NEWS.d/next/Security/2022-04-14-19-35-31.gh-issue-68966.foD-qB.rst b/Misc/NEWS.d/next/Security/2022-04-14-19-35-31.gh-issue-68966.foD-qB.rst
new file mode 100644
index 00000000000000..0d4c56c1c61588
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2022-04-14-19-35-31.gh-issue-68966.foD-qB.rst
@@ -0,0 +1 @@
+Fixed CVE-2015-20107 reported against :mod:`mailcap`. Contributed by Oleg Iarygin.
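Review bot: In findmatch, `shlex.split(test)` tokenises the string only after `subst()` has inserted the filename and parameters, so whitespace or quotes in those values still change the argument vector that gets executed; dropping the shell removes metacharacter expansion but not argument injection. Tokenising the mailcap template first and substituting per token keeps each substituted value a single argument. The new calls also raise where `os.system` merely returned non-zero (`ValueError` from `shlex.split` on unbalanced quotes, `OSError` from `subprocess.run` for a missing program), and test clauses that rely on shell features such as `$DISPLAY` expansion will no longer evaluate as their authors intended. The `command` built two lines below is still produced by unquoted substitution and returned to the caller, who presumably hands it to a shell, so that path looks unaddressed here. findmatch's body starts outside the hunk.

```python
        if 'test' in e:
            try:
                # Split the template first so a substituted value can never
                # become more than one argument.
                argv = [subst(tok, filename, plist)
                        for tok in shlex.split(e['test'])]
                if argv and subprocess.run(argv).returncode != 0:
                    continue
            except (ValueError, OSError):
                # Malformed or unrunnable test clause: treat the entry as
                # not matching, as a failing os.system() did before.
                continue
        # … unchanged: command substitution and return …
```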
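Review bot: `capture_output=True` in test() redirects the viewer's stdout and stderr into pipes that are never read or printed, so a command that used to display the file on the terminal now appears to do nothing; `sts = subprocess.run(arguments).returncode` keeps the previous visible behaviour. As in findmatch, `shlex.split(command)` runs after substitution, so a filename containing spaces or quotes is split into several arguments. An unparsable or missing command now raises `ValueError` or `OSError` instead of being reported through "Exit status:", which would be worth catching around these two lines. test()'s body starts outside the hunk.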