On Thursday, VMware released a patch to address critical security issues affecting their VMware Workstation, Player, ESXi and ESX products. The vulnerability is related to a problem with the handler function for RPC commands and makes it possible for a guest user to crash the process or execute code on the host system. The attacker doesn’t need root or admin privileges to carry out the exploit. There is an interesting workaround, and of course the problem can also be mitigated by not allowing untrusted users access to the virtual machines. Read more here:
http://www.vmware.com/security/advisories/VMSA-2012-0009.html