The html tag with < img src ... > is normally benign and causes a fetch of the source.
To invoke an executable means you've done some good research on
what it happends when processing http get requests; (please don't report the how-to here!).
the issue is involves the server setup and how requests are constrained to the
webserver-root and how programs are found.
I'll not go any further on this topic for security reasons.
I too think this is a poor practice. If you don't like the Windows GUI, then
investigate other UI techniques, such as the command line, shell programming,
or rpc to X11.