...
Sanitizing a shell command can be difficult and doing so can adversely affect the power and flexibility associated with them.
Compliant Solution (Windows)
There is no portable or guaranteed way to clear out the environment under Windows. Following the recommendations of ENV04-A. Do not call system() if you do not need a command processor, care should be taken to use _execle(), _execlpe(), _execve(), or _execvpe() instead of system() because they allow the the environment to be explicitly specified.
Risk Assessment
Invoking an external program in an attacker-controlled environment is dangerous.
...