Recently VMware has released a few security patches that will prevent a guest from execute code on the ESXi host and breaking the isolation of a virtual machine.
This has been possible based on heap buffer overflow and uninitialized stack memory usage in SVGA, using this bug may allow a guest to execute code on the host.
Note that this particular issue impacts ESXi 6.0 or later as also latest version of VMware Workstation, Player and Fusion.
Available VMware KB articles for these issues are:
Here the complete status of the affected versions:
For more informations see the VMware Security Advisories VMSA-2017-0006.