I’m unfamiliar with WC3 mapping and WC3 itself, but there have been reports of an arbitrary bytecode execution exploit in custom maps. It has been reported to Blizzard, and they have most definitely seen the reports. This makes you vulnerable to a plethora of malicious actions that an AV likely won’t detect (depends on the action and some may pick it up as a buffer overflow attack trying to execute shellcode). Attacks would have the same permissions as the WC3 client.
Do not join hosted games with people you do not 100% trust.
