Product: Windscribe VPN (all platforms)
Developer: Windscribe
Vulnerability: Privilege Escalation
Affected Versions: All versions <= v2.02.10
Timeline: This issue was disclosed responsibly in September 2020.

Windscribe allows users to specify custom OpenVPN config files to use. These config files are read by an OpenVPN executable packaged with Windscribe that runs as SYSTEM. A malicious user could initiate a connection with a malicious config to run code as SYSTEM. In the proof-of-concept below, script-security 2 permits OpenVPN to call user-defined scripts, and up names the script OpenVPN runs after the tunnel device is opened, so the script inherits the SYSTEM privileges of the OpenVPN process.

Malicious config proof-of-concept:

    script-security 2
    up "C:\\Users\\User\\Desktop\\payload.bat"

References:
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
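A defensive check for the issue described above, as an added example that is not from the advisory and is not Windscribe's fix: a privileged helper could screen a user-supplied config for command-executing options before passing it to OpenVPN. The function name, the denylist contents and the sample configs are assumptions made for this example.

```python
# Assumed denylist of OpenVPN 2.4 options that run a command, load code, or
# include another file. Chosen for this example; not exhaustive.
EXEC_DIRECTIVES = frozenset({
    "script-security", "up", "down", "route-up", "route-pre-down",
    "ipchange", "tls-verify", "auth-user-pass-verify", "client-connect",
    "client-disconnect", "learn-address", "plugin", "iproute", "config",
})


def find_exec_directives(config_text):
    """Return [(line_number, directive)] for each option that must be refused."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        name = line.split(None, 1)[0]
        if name.startswith("--"):
            name = name[2:]  # config files also accept the "--" prefix
        if any(ch in name for ch in "\\\"'"):
            # Fail closed: an option name never needs quoting or escaping.
            findings.append((number, "<quoted-or-escaped-name>"))
        elif name in EXEC_DIRECTIVES:
            findings.append((number, name))
    return findings


# Constructed sample: a minimal profile followed by the advisory's two PoC lines.
SAMPLE_MALICIOUS = r'''client
dev tun
remote vpn.example.com 1194
script-security 2
up "C:\\Users\\User\\Desktop\\payload.bat"
'''

# Constructed sample: mentions "up" only inside a comment.
SAMPLE_BENIGN = "client\ndev tun\n# up scripts are not used\nremote vpn.example.com 1194\n"

if __name__ == "__main__":
    for sample in (SAMPLE_MALICIOUS, SAMPLE_BENIGN):
        hits = find_exec_directives(sample)
        print("REJECT" if hits else "ACCEPT", hits)
```

A denylist like this only narrows the exposure; running the OpenVPN process without SYSTEM privileges, or accepting only an allowlist of options, removes the dependency on the list being complete.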