The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
https://www.mail-archive.com/[email protected]/msg07534.html