How does the Warcraft III map vulnerability allow an attacker to execute arbitrary code on a victim's computer?
The vulnerability leverages JASS's Preload functions (`PreloadGenClear`, `PreloadGenStart`, `PreloadGenEnd`) to write arbitrary content to a file. By setting the output filename to a `.bat` extension and inserting line breaks (`\n`) within the `Preload()` call, the attacker can inject valid batch commands into the generated file. When the map is played, this batch file is written to the Windows startup directory, so upon reboot the payload executes automatically. This technique was used by the "Loli" worm, as detailed in the Analysis Introduction of War3 Map "Vulnerability".
JASS, Preload, War3 map vulnerability, Loli worm, bat file, startup directory