The setuid flag allows you to run a binary as someone else. Since processes inherit the credentials they have when they run another program, if you find a bug[1] in a setuid program that lets you run another program of your choosing, you can gain the credentials of the setuid user.
[1] Buffer overflow, calling exec/system without proper escaping, creating predictable temp files, etc., etc.
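An added example (not from the comment above) of the second footnote item, in C: a hypothetical setuid helper that wraps `/bin/ls`. The vulnerable version hands a user-controlled argument to `system()`, so `; /bin/sh` becomes a second command that inherits the helper's effective uid. The hardened version drops the inherited privilege back to the real uid before it executes anything, and uses `execve` with an argv array so no shell ever parses the argument. Everything here (the `/bin/ls` wrapper, the function names, the metacharacter list) is an assumption for illustration; the code runs unprivileged, in which case the privilege drop is simply a no-op that still verifies itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Vulnerable pattern (hypothetical setuid helper): the user's argument is
 * pasted into a command line for system(), i.e. for "/bin/sh -c".  An
 * argument such as "; /bin/sh" turns one command into two, and the second
 * one runs with the helper's effective uid, not the caller's. */
int build_vulnerable_command(const char *user_arg, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "/bin/ls %s", user_arg);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns nonzero if the argument contains anything the shell would treat
 * specially.  Rejecting such input is a weak second line of defence; the
 * real fix is never to involve the shell at all (see run_ls_safely). */
int contains_shell_metachar(const char *s) {
    return strpbrk(s, ";|&$`<>()\n'\"\\ *?[]{}~") != NULL;
}

/* Hardened pattern, step 1: give the inherited credentials back.
 * When the effective uid is 0, setuid() sets real, effective and saved uid,
 * so the drop is permanent.  For a helper that is setuid to a non-root user,
 * prefer setresuid(r, r, r) on Linux/BSD so the saved uid is cleared too. */
int drop_privileges(void) {
    uid_t real = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0) return -1;   /* groups first: needs privilege */
    if (setuid(real) != 0) return -1;
    if (geteuid() != real || getegid() != rgid) return -1;
    /* Verify the drop cannot be undone (only meaningful when we were not root). */
    if (real != 0 && seteuid(0) == 0) return -1;
    return 0;
}

/* Hardened pattern, step 2: exec with an argv array and a fixed environment.
 * "; /bin/sh" is now just an odd file name handed to ls, nothing more.
 * Returns the child's exit status, or -1 on a local failure. */
int run_ls_safely(const char *user_arg) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(127);
        char *const argv[] = { "/bin/ls", "--", (char *)user_arg, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve("/bin/ls", argv, envp);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char cmd[256];
    /* Constructed attacker input for the demonstration. */
    const char *evil = "; /bin/sh";
    if (build_vulnerable_command(evil, cmd, sizeof cmd) == 0)
        printf("vulnerable helper would run: sh -c '%s'\n", cmd);
    printf("metacharacters present: %d\n", contains_shell_metachar(evil));
    printf("hardened helper exit status: %d\n", run_ls_safely(evil));
    return 0;
}
```

The exit status of the hardened run is nonzero simply because no file named `; /bin/sh` exists; no shell was started and the child ran with the caller's own uid. Note that the credential check in `drop_privileges` is the part most real-world helpers skip: calling `setuid()` without checking its return value is exactly the kind of bug the footnote is about.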