Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function.
https://www.exploit-db.com/exploits/2264
http://www.securityfocus.com/bid/19732
http://www.securityfocus.com/archive/1/452775/100/100/threaded
http://www.securityfocus.com/archive/1/452746/100/100/threaded