Product: Windscribe VPN (all platforms)
Developer: Windscribe
Vulnerability: Privilege Escalation
Affected Versions: All versions <= v2.02.10
Timeline: This issue was disclosed responsibly in September 2020.

Windscribe allows users to specify custom Openvpn config files to use.
These config files are read by an Openvpn executable packaged with Windscribe that
runs as SYSTEM. A malicious user could initiate a connection with a malicious config
to run code as SYSTEM. 

malicious config proof-of-concept:
script-security 2
up "C:\\Users\\User\\Desktop\\payload.bat"

References: 
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/