VMware has issued an update for several of their hypervisor products to address a privilege escalation vulnerability when running Windows XP, Windows Server 2003 and older versions of Windows as a guest operating system.
The products are VMware Workstation, VMware Fusion and VMware ESXi and ESX. The vector for the attack is a VMware device driver LGTOSYNC.SYS. The file properties for this driver describe it as "VMware/Legato Sync Driver."
The hypervisor itself is not exploitable through this vulnerability, but an unprivileged Windows process could elevate privilege under Windows. Presumably it could attain the privileges under which LGTOSYNC.SYS runs, but the advisory does not specify what level this is.
Updated versions may be downloaded at these pages: