Which version of SQL Server are you using? Please make sure that you've read the entire xp_cmdshell topic in the BOL. There are some sever security issues that can arise by allowing access to this extended stored procedure.
Is there some other mechanism in your workflow that could launch the EXE?
-Mike