From github.com
![](https://cert.bournemouth.ac.uk/wp-content/uploads/2020/03/image.jpeg)
The permissive folder permission in “C:\ProgramData\OpenVPN Connect” allows an attacker without admin rights to place a malicious DLL next to tapinstall.exe. As soon as OpenVPN client is installed or upgraded, the malicious DLL is loaded by tapinstall and the shellcode is executed.