Exploit Title: OpenVPN Connect for Windows (MSI) – – Privilege Escalation

From github.com

The permissive folder permission in “C:\ProgramData\OpenVPN Connect” allows an attacker without admin rights to place a malicious DLL next to tapinstall.exe. As soon as OpenVPN client is installed or upgraded, the malicious DLL is loaded by tapinstall and the shellcode is executed.

Read more…