
Specifically for poisonivy, off the top of my head, I would run a virtualized instance of Windows inside of a different OS, and then monitor all network activity between the virtualized OS and the host system and verify every IP it is connecting to during installation and once installed.

Maybe somebody else can jump in here and offer better advice?
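One way to do the "verify every IP it connects to" step described in the comment above is to capture the guest's traffic on the host side and reduce it to a list of destinations, then diff that list against what the analyst expected. The script below is an added example, not code from anyone in this thread; the one-connection-per-line log format, the allow-list, and the sample addresses (all documentation/reserved ranges) are assumptions, and the log lines are constructed.

```python
"""Summarise a sandbox VM's outbound connections and flag destinations the
analyst did not expect.  Added example, not from the original thread.
The log format ('timestamp src_ip:src_port -> dst_ip:dst_port proto', one
connection per line), the allow-list and the sample data are assumptions."""
import ipaddress
import re
from collections import Counter

# Constructed sample: what a host-side capture of the guest's traffic might be
# reduced to.  Addresses are documentation/reserved ranges, not real endpoints.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.2.15:49152 -> 10.0.2.2:53 udp
2024-01-01T10:00:02 10.0.2.15:49153 -> 203.0.113.10:443 tcp
2024-01-01T10:00:05 10.0.2.15:49154 -> 198.51.100.7:8080 tcp
2024-01-01T10:00:09 10.0.2.15:49155 -> 198.51.100.7:8080 tcp
2024-01-01T10:01:30 10.0.2.15:49156 -> 192.0.2.44:6667 tcp
garbage line that does not parse
"""

# Destinations the analyst expects (assumed): the hypervisor's NAT network
# (gateway and DNS resolver) and one host known to serve legitimate updates.
ALLOWED_DESTS = {
    ipaddress.ip_network("10.0.2.0/24"),      # hypervisor NAT network
    ipaddress.ip_network("203.0.113.10/32"),  # assumed legitimate update server
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_log(text):
    """Return (ts, src, dst, dport, proto) tuples; lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        conns.append((m["ts"], m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return conns


def is_allowed(dst):
    """True if the destination address falls inside any allow-listed network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in ALLOWED_DESTS)


def unexpected_destinations(conns):
    """Count connections per (dst, port, proto) that are outside the allow-list."""
    counts = Counter()
    for _ts, _src, dst, dport, proto in conns:
        if not is_allowed(dst):
            counts[(dst, dport, proto)] += 1
    return counts


def report(text):
    """Human-readable summary: totals first, then unexpected endpoints by frequency."""
    conns = parse_log(text)
    unexpected = unexpected_destinations(conns)
    lines = [f"{len(conns)} connections parsed, "
             f"{sum(unexpected.values())} to unexpected destinations"]
    for (dst, dport, proto), n in sorted(unexpected.items(), key=lambda kv: -kv[1]):
        lines.append(f"  {dst}:{dport}/{proto}  x{n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it once during installation and again after a reboot, as the comment suggests, and compare the two reports: any endpoint that appears only after install, or that keeps reconnecting on a fixed interval, is the one to look at first.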



The virtual machine isn't guaranteed to work: http://www.zdnet.co.uk/news/security-threats/2009/06/09/virt...

Unless you know exactly what it can do, you should probably run it on an old machine without [direct] internet access.


From your link:

Cloudburst uses a vulnerability in the virtual-machine display functions of VMware Workstation that can be exploited by a specially crafted video file.

and...

However, the Cloudburst exploit currently has certain limitations: it will only succeed on Workstation 6.5.0 or 6.5.1 or the associated Player versions. In addition, the guest and host must be Windows-based, among other requirements, Immunity said in its release notes.


Remember, that's a publicly released exploit that's not even very new.

Assume that if that's been publicly released, more advanced stuff has already been seen in the wild.


Makes sense. That is good advice, but as oconnore pointed out, even a VM can be exploited, though I think your solution would work well in the majority of cases. I suppose using a virtual copy of Windows in my OS X wouldn't be 100% safe because of the exploit. I suppose I'll be getting out my old Dell Windows XP machine then to test this out until I am sure it is safe (which I imagine it is, but who knows), and if something happens to it then I'll just wipe the drive and re-install Windows. Poison Ivy seems like it would be an awesome tool to know, which would be worth my time.


Did you read the actual article about the VM exploit? It requires both OSs to be Windows based AND the use of a malformed video file.

But, yeah, paranoia is healthy in this circumstance.



