CVE-2025-34124

HIGH

Heroes of Might and Magic III - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34124. PoCs published by John AAkerblom, Pierre Lindblad, John AAkerblom, including Metasploit module exploits/windows/fileformat/homm3_h3m.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Heroes of Might and Magic III by embedding malicious shellcode into a map file (.h3m). The exploit targets the game's map parsing functionality to achieve arbitrary code execution via a crafted sprite name.

Description

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.

Exploits (2)

exploitdb WORKING POC VERIFIED
by John AAkerblom · clocalwindows
https://www.exploit-db.com/exploits/37716

This exploit demonstrates a buffer overflow vulnerability in Heroes of Might and Magic III by embedding malicious shellcode into a map file (.h3m). The exploit targets the game's map parsing functionality to achieve arbitrary code execution via a crafted sprite name.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Heroes of Might and Magic III 4.0.0.0 and HoMM 3 HD 3.808 build 9
No auth needed
Prerequisites: A vulnerable version of Heroes of Might and Magic III · Ability to deliver a crafted .h3m file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Pierre Lindblad, John AAkerblom · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/homm3_h3m.rb

This Metasploit module exploits a buffer overflow in Heroes of Might and Magic III by embedding malicious data into an uncompressed .h3m map file. The exploit leverages specific gadgets to bypass anticrash mechanisms and execute shellcode via a CALL ESP instruction.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Heroes of Might and Magic III (versions: H3 Complete 4.0.0.0, HD Mod 3.808 build 9, Heroes III Demo 1.0.0.0)
No auth needed
Prerequisites: Uncompressed .h3m map file or ability to create one · Target must load the malicious map file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v4 8.4
EPSS 0.2696
EPSS Percentile 96.5%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-121 CWE-20 CWE-94
Status published
Products (3)
The 3DO Company/Heroes of Might and Magic III Complete 4.0.0.0
The 3DO Company/Heroes of Might and Magic III Demo 1.0.0.0
The 3DO Company/Heroes of Might and Magic III HD Mod 3.808 build 9
Published Jul 16, 2025
Tracked Since Feb 18, 2026