IPsec VPN question

[divinepresence () gmail com]

Hi again,
I was just reading up about an application which used an IPsec VPN connection, to connect to an application server. Now 
my question is that if an attacker gets access to the machine hosting the client application, can he intercept and/or 
modify packets at the network stack before it hits the IPsec ESP module (to view the communication mechanism between 
the client and the server)? Is it really an issue or my doubt is unfounded?

Also what sort of attacks can then be carried out by that attacker using another tool since that VPN connection would 
give him access to the complete network at the app server's end?

Thanks
Ankur Jindal