CVE-2025-34124
HIGHHeroes of Might and Magic III - Buffer Overflow
Title source: llmDescription
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by John AAkerblom · clocalwindows
https://www.exploit-db.com/exploits/37716
metasploit
WORKING POC
NORMAL
by Pierre Lindblad, John AAkerblom · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/homm3_h3m.rb
References (3)
Scores
CVSS v4
8.4
EPSS
0.1262
EPSS Percentile
94.0%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Details
CWE
CWE-121
CWE-20
CWE-94
Status
published
Products (3)
The 3DO Company/Heroes of Might and Magic III
Complete 4.0.0.0
The 3DO Company/Heroes of Might and Magic III
Demo 1.0.0.0
The 3DO Company/Heroes of Might and Magic III
HD Mod 3.808 build 9
Published
Jul 16, 2025
Tracked Since
Feb 18, 2026