I'm unfamiliar with WC3 mapping and WC3 itself, but there have been reports of an arbitrary bytecode execution exploit in custom maps.
It has been reported to Blizzard, and they have most definitely seen the reports. 
This makes you vulnerable to a plethora of malicious actions when WC3 initializes the map that an AV likely won't detect (depends on the action and some may pick it up as a buffer overflow attack trying to execute shellcode).
Attacks would have the same permissions as the WC3 client.

Do not join hosted games with people you do not 100% trust.

A proof of concept can be found in this file directory.

UPDATE: Blizzard has issued a temporary fix for this, but currently only for Battle.net players (Single Player & LAN still vulnerable)!
Upon connection to Battle.net, your client will now also download IX86Archimonde.MPQ/DLL to your bncache.dat file.