Francisco Falcon discovered that missing input sanisiting in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.