Kostya Kortchinsky of Immunity Inc. discovered a bug in VMWare products that let the Windows guest OS to run code on the Mac OS host system, contrary to the intentions of such set-ups. VMware has patched all Hosted products and patches for ESX and ESXi resolve a critical security vulnerability are available for download.
Kortchinsky demo shows Windows XP running as a guest system, opening up the calculator in Vista running as the host system. It’s a major breach that could allow a security bug to ‘jump systems’. He insists the bug would allow such activity on a Mac system running Windows as the host. He also says the issue could affect Linux, both as a host and a guest system.