The most serious issue, an out-of-bounds write vulnerability, exists in ESXi and in the desktop hypervisors Workstation and Fusion. An attacker could exploit the issue, which exists in an SVGA device, to execute code on the host. A NULL pointer dereference vulnerability can also be exploited when the software handles guest RPC requests, which could allow an attacker with normal user privileges to crash virtual machines. The last vulnerability only affects vCenter Server, a platform designed to help users manage vSphere environments.
Source: https://threatpost.com/vmware-patches-bug-that-allows-guest-to-execute-code-on-host/127990/

