VMware Workstation, Player, ESXi and ESX patches address critical security issues

a. VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands, it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
Workaround

• Configure virtual machines to use less than 4 GB of memory. Virtual machines that have less than 4GB of memory are not affected.
  OR

• Disable VIX messages from each guest VM by editing the configuration file (.vmx) for the virtual machine as described in VMware Knowledge Base article 1714. Add the following line:
  isolation.tools.vixMessage.disable = “TRUE”
  Note: This workaround is not valid for Workstation 7.x and Fusion 3.x.
  Mitigation

• Do not allow untrusted users access to your virtual machines. Root or Administrator level permissions are not required to exploit this issue.
  The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the name CVE-2012-1516 to this issue.
  VMware would like to thank Derek Soeder of Ridgeway Internet Security, L.L.C. for reporting this issue to us.
  Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.