Security researchers have discovered a bug in VMware desktop virtualization applications that allows attackers to take complete control of the underlying PC, including the execution or modification of files on the host operating system.

CoreLabs, the research center of Core Security Technologies, discovered the vulnerability affects VMware Workstation, Player and ACE software and it is only exploitable when shared folders are enabled and at least one folder on the host system is configured for sharing.

The announcement comes on the eve of VMWare’s first annual VMworld Europe conference.

The security vendor is releasing the exploit in the week of the VMworld event in the hope that publicity will force VMware to take action, and to make users aware of the problem and enable them to “safely assess the consequences of an actual network intrusion”, and apply a simple workaround to avoid the problem.