The default screen saver in Windows XP and Windows 2003 Server runs as a system process. Thus, if a malicious person changes logon.scr to cmd.exe or explorer.exe, they can take control of the system when the screen saver runs. A POC exploit is included.
9e05af997c3f8dc90610177e1645b1cbb30384da557ca3ff72d1e3a6861247a5
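A defender can check for the substitution described above by comparing logon.scr against the two binaries the advisory names. The following Python sketch is an added example, not part of the original advisory or its POC; it assumes the change is a file copy over System32\logon.scr, the standard locations of cmd.exe and explorer.exe, and uses hypothetical function names and a constructed sample tree.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed standard locations, relative to the Windows directory.
SHELL_BINARIES = ("System32/cmd.exe", "explorer.exe")
SCREENSAVER = "System32/logon.scr"


def find_ci(root, relative):
    """Resolve a relative path case-insensitively (for a mounted image)."""
    current = Path(root)
    for part in relative.split("/"):
        children = current.iterdir() if current.is_dir() else []
        current = next((p for p in children if p.name.lower() == part.lower()), None)
        if current is None:
            return None
    return current


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def check_logon_screensaver(windows_dir):
    """Return a list of findings; an empty list means no substitution was seen."""
    scr = find_ci(windows_dir, SCREENSAVER)
    if scr is None:
        return ["logon.scr is missing"]
    scr_hash = sha256(scr)
    findings = []
    for rel in SHELL_BINARIES:
        candidate = find_ci(windows_dir, rel)
        # A byte-identical match means the screen saver is really a shell binary.
        if candidate is not None and sha256(candidate) == scr_hash:
            findings.append(f"logon.scr is a copy of {candidate.name}")
    return findings


def build_sample(replaced):
    """Constructed sample tree; file contents are placeholders, not real binaries."""
    root = Path(tempfile.mkdtemp())
    (root / "system32").mkdir()
    (root / "system32" / "cmd.exe").write_bytes(b"MZ constructed cmd")
    (root / "explorer.exe").write_bytes(b"MZ constructed explorer")
    body = b"MZ constructed cmd" if replaced else b"MZ constructed screensaver"
    (root / "system32" / "logon.scr").write_bytes(body)
    return root
```

Call `check_logon_screensaver` with the Windows directory of a live system or a mounted disk image. It only catches byte-identical copies of that system's own cmd.exe or explorer.exe; any other replacement needs a comparison against a known-good logon.scr.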