CVE-2001-0736

Pine <4.33 - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0736. PoCs published by mat.

AI-analyzed exploit summary This exploit leverages a race condition in Pico (and Pine) to overwrite arbitrary files by predicting the temporary file name. It creates a symlink to a controlled file, waits for the victim to edit a message, and then replaces the symlink with a writable file to capture the contents.

Description

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mat · bashlocallinux

https://www.exploit-db.com/exploits/20493

View Code ZIP pw:eip

This exploit leverages a race condition in Pico (and Pine) to overwrite arbitrary files by predicting the temporary file name. It creates a symlink to a controlled file, waits for the victim to edit a message, and then replaces the symlink with a writable file to capture the contents.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Racy

Target: University of Washington Pico (versions 3.8, 4.3) and Pine

Auth required

Prerequisites: Victim must be using Pine with specific editor settings · Attacker must predict the temporary file name · Attacker must have write access to /tmp

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1200 - Hardware Additions

devstral-2 · analyzed Feb 16, 2026 Full analysis →