Multiple buffer overflows #440

@hweimer

Description

The game still contains a number of possible sources for buffer overflows, mostly related to the handling of save games from untrusted sources (like PBEM opponents or bug submitters on GitHub):

  • strcpy/strcat with Data->... or Mev as the source (cf. grep 'strc.,.(Data|Mev)' *.cpp)
  • strlen and using the result as an index for updating an array element
  • Overflowing the History struct by setting PastMissionCount to 100 or above

Exploiting the latter might be tricky because you have relatively little control over what gets written, but you never know.

Additionally, the whole Num array thing is also pretty scary when you have (or claim to have) more than 30 missions per capsule (seeing that in a game right now). However, that looks just like an out-of-bounds read.

After fixing these, we should also apply some fuzzing to save game files.
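A bounds-checked save loader for the cases the issue describes (a count field that must not be trusted as an index, and string fields copied without `strcpy`), as an added example that is not code from the project or from the issue author; the `History` layout, the field widths and the file format are assumptions made up for the illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
// Assumed layout for this example: room for 100 past missions, each a
// fixed-width, NUL-terminated name. Not the project's real struct.
constexpr std::size_t kMaxPastMissions = 100;
constexpr std::size_t kNameLen = 24;
struct History {
    uint32_t PastMissionCount;
    char Name[kMaxPastMissions][kNameLen];
};
enum class LoadResult { Ok, Truncated, CountTooLarge, Unterminated };
// Parse a constructed save image (little-endian uint32 count, then `count`
// fixed-width name fields), checking every file value against the struct's
// real capacity before anything is written into it.
LoadResult loadHistory(const std::vector<uint8_t>& data, History& out) {
    std::memset(&out, 0, sizeof out);
    if (data.size() < 4) return LoadResult::Truncated;
    uint32_t count = uint32_t(data[0]) | (uint32_t(data[1]) << 8) | (uint32_t(data[2]) << 16) | (uint32_t(data[3]) << 24);
    // A count beyond the array's capacity is rejected, never used as an index.
    if (count > kMaxPastMissions) return LoadResult::CountTooLarge;
    if (data.size() < 4 + std::size_t(count) * kNameLen) return LoadResult::Truncated;
    for (uint32_t i = 0; i < count; ++i) {
        const char* field = reinterpret_cast<const char*>(&data[4 + std::size_t(i) * kNameLen]);
        // strcpy would read past a field with no NUL; require one and copy a bounded amount.
        if (std::memchr(field, '\0', kNameLen) == nullptr) return LoadResult::Unterminated;
        std::strncpy(out.Name[i], field, kNameLen - 1);
        out.Name[i][kNameLen - 1] = '\0';
    }
    out.PastMissionCount = count;
    return LoadResult::Ok;
}
// Constructed save image; a name of kNameLen bytes or more is stored without its terminator (malformed).
std::vector<uint8_t> makeSave(uint32_t count, const std::vector<std::string>& names) {
    std::vector<uint8_t> img = {uint8_t(count), uint8_t(count >> 8), uint8_t(count >> 16), uint8_t(count >> 24)};
    for (const std::string& n : names) {
        std::string field = n.substr(0, kNameLen);
        field.resize(kNameLen, '\0');
        img.insert(img.end(), field.begin(), field.end());
    }
    return img;
}

// Wrappers that report the outcome without the caller managing a History.
LoadResult tryLoad(const std::vector<uint8_t>& img) { History h; return loadHistory(img, h); }
std::string loadedName(const std::vector<uint8_t>& img, std::size_t i) {
    History h;
    return loadHistory(img, h) == LoadResult::Ok && i < h.PastMissionCount ? h.Name[i] : "";
}
```

The same pattern applies to any other length or count read from the file: validate it against the destination's real size before using it as an index or copy length.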


Labels: Bug (an issue that causes a crash or an invalid or undesirable game state)
