During our last ATM review engagement, we found some interesting executable files that were run by Windows Services under the Local System account. These binaries had weak file permissions that allowed us to modify them using the standard ATM user account. As a proof of concept, I decided to inject some code into one of them to take full control of the system.
Read more: http://blog.spiderlabs.com/2014/03/injecting-code-into-a-dll.html