Gtron Solutions, LLC

VMware has acknowledged some vulnerabilities in VMware Player, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system

• Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.
• An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system. This vulnerability affects VMware Player 1.x for Linux only.
• Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library. For more information: SA30600
• A vulnerability in cairo can potentially be exploited by malicious people to compromise an application using the library. For more information: SA27880 This vulnerability affects VMware Player 2.x for Linux only.

SOLUTION: VMware Player 1.x: Update to version 1.0.8 build 108000 or later.
VMware Player 2.x: Update to version 2.0.5 build 109488 or later.

Source: http://www.secuobs.com/secumail/snsecumail/msg11944.shtml