Heroes of Might and Magic III Buffer Overflow Vulnerability in .h3m Map Files Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in Heroes of Might and Magic III Complete version 4.0.0.0, HD Mod 3.808 build 9, and the Demo version 1.0.0.0. This vulnerability arises from the object sprite name parsing logic in the game's map loading process. When a player opens a maliciously crafted .h3m map file, the exploitation of the buffer overflow could lead to arbitrary code execution. The vulnerability takes advantage of the in-game map loading mechanism, requiring the victim to manually open the compromised map file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the victim's machine, executed within the context of the game.

Reproduction

The vulnerability can be reproduced by creating an uncompressed .h3m map file that includes a specially crafted object sprite name. This name should be designed to overflow the buffer by exploiting the map file's parsing logic. Once the map file is prepared, it can be opened in Heroes of Might and Magic III Complete, HD Mod 3.808 build 9, or the Demo version 1.0.0.0. The game will execute the embedded payload due to the buffer overflow, leading to arbitrary code execution.