Custom protocol handler can be one approach as Bernhard Hiller suggested. Still it can be a security leak, since it is global and can not be restricted to a single web application.
You can use Silverlight (http://msdn.microsoft.com/en-us/library/gg192793(v=vs.95).aspx
]) and probably Java FX and Flex also to create "applets", with full trust, and capable of starting local application.
But all approaches need client action, probably an installation with elevated rights.