CVE-2025-34124: CWE-121 Stack-based Buffer Overflow in The 3DO Company Heroes of Might and Magic III
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-34124) involves a stack-based buffer overflow triggered by specially crafted object sprite names within .h3m map files in Heroes of Might and Magic III (Complete 4.0.0.0, HD Mod 3.808 build 9, Demo 1.0.0.0). When the game loads these malicious map files, the overflow can corrupt memory and potentially allow execution of arbitrary code. The attack vector requires user interaction to open the malicious map file. The CVSS 4.0 base score is 8.4, indicating high severity, with local attack vector, low attack complexity, no privileges required, but user interaction needed. The vulnerability affects confidentiality, integrity, and availability with high impact. No patches or vendor advisories are currently available.
Potential Impact
Successful exploitation can result in arbitrary code execution on the victim's system, compromising confidentiality, integrity, and availability of the affected machine. The attack requires local user interaction to open a malicious map file, limiting remote exploitation. There are no known active exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid opening untrusted or suspicious .h3m map files in affected versions of Heroes of Might and Magic III. Monitor official channels for updates or patches from The 3DO Company.
CVE-2025-34124: CWE-121 Stack-based Buffer Overflow in The 3DO Company Heroes of Might and Magic III
Description
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-34124) involves a stack-based buffer overflow triggered by specially crafted object sprite names within .h3m map files in Heroes of Might and Magic III (Complete 4.0.0.0, HD Mod 3.808 build 9, Demo 1.0.0.0). When the game loads these malicious map files, the overflow can corrupt memory and potentially allow execution of arbitrary code. The attack vector requires user interaction to open the malicious map file. The CVSS 4.0 base score is 8.4, indicating high severity, with local attack vector, low attack complexity, no privileges required, but user interaction needed. The vulnerability affects confidentiality, integrity, and availability with high impact. No patches or vendor advisories are currently available.
Potential Impact
Successful exploitation can result in arbitrary code execution on the victim's system, compromising confidentiality, integrity, and availability of the affected machine. The attack requires local user interaction to open a malicious map file, limiting remote exploitation. There are no known active exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid opening untrusted or suspicious .h3m map files in affected versions of Heroes of Might and Magic III. Monitor official channels for updates or patches from The 3DO Company.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.561Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68795303a83201eaace879b1
Added to database: 7/17/2025, 7:46:11 PM
Last enriched: 4/7/2026, 11:04:29 PM
Last updated: 5/9/2026, 8:22:59 AM
Views: 211
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.