Buffer Overflow Vulnerability in Heroes of Might and Magic III by Ubisoft
CVE-2025-34124

8.4HIGH

Key Information:

Vendor

The 3do Company

Status
Heroes Of Might And Magic Iii
Vendor
CVE Published:
16 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34124?

A buffer overflow vulnerability in Heroes of Might and Magic III Complete allows attackers to exploit the game via specially crafted .h3m map files. During the loading of these maps, if an object name exceeds a predefined buffer size, it can lead to arbitrary code execution. Victims must open these malicious map files within the game, which can potentially allow the attacker to gain control over the affected system.

Affected Version(s)

Heroes of Might and Magic III Windows Complete 4.0.0.0

Heroes of Might and Magic III Windows HD Mod 3.808 build 9

Heroes of Might and Magic III Windows Demo 1.0.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34124 - Proof of Concept

CVE-2025-34124 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...
exploit
https://www.exploit-db.com/exploits/37716
exploit
https://www.vulncheck.com/advisories/heroes-of-might-and-...
third-party-advisory

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Lindblad
John AAkerblo
.
CVE-2025-34124 : Buffer Overflow Vulnerability in Heroes of Might and Magic III by Ubisoft