IExpress, a component of Windows 2000 and later versions of the operating system, is used to create self-extracting packages from a set of files. Such packages can be used to install software.
IExpress (IEXPRESS.EXE) can be used for distributing self-contained installation packages (INF-based setup executables) to multiple local or remote Windows computers. It creates a self-extracting executable (.EXE) or a compressed Cabinet (.CAB) file using either the provided front end interface (IExpress Wizard), or a custom Self Extraction Directive (SED) file.[1] SED files can be modified with any plain text/ASCII editor, like Notepad. All self-extracting files created by IExpress use CAB compression algorithms, are compressed using the Cabinet Maker (MAKECAB.EXE) tool,[2] and are extracted using the WExtract (WEXTRACT.EXE) tool.
IEXPRESS.EXE is located in the SYSTEM32 folder of both 32 and 64-bit installations of Windows. The front end interface (IExpress Wizard) can be started by manually navigating to the respective directory and opening the executable (IExpress.exe), or by typing IExpress into the Run window of the Start Menu. It can also be used from the command line (Windows Command Prompt or batch file) to create custom installation packages, eventually unattended. (automated operation):
IExpress Wizard interface guides the user through the process of creating a self-extracting package. It asks what the package should do: extract files and then run a program, or just extract files. It then allows the user to specify a title for the package, add a confirmation prompt, add a license agreement that the end-user must accept in order to allow extraction, select files to be archived, set display options for the progress window, and finally, specify a message to display upon completion.
If the option to create an archive and run a program is selected, then there will be an additional step, prompting the user to select the program that will be run upon extraction.
More specifically, the vulnerability comes in two versions: the most obvious one is that a /c: switch tells the package to run an arbitrary command in the extracted directory;[6] the other is that the directory is predictable and writable by any ordinary user, so that the usual msiexec.exe command can be replaced by an attack payload.[5] The latter has been fixed by Microsoft in MS14-049, but the former is only addressed by a policy to deprecate IExpress.[6] There is also a DLL hijacking exploit possible with IExpress.[7]
iexpress, confused, with, ixpress, component, windows, 2000, later, versions, operating, system, used, create, self, extracting, packages, from, files, such, packages, used, install, software, screenshot, windows, 10developer, microsoftoperating, systemwindows. Not to be confused with iXpress IExpress a component of Windows 2000 and later versions of the operating system is used to create self extracting packages from a set of files Such packages can be used to install software IExpressScreenshot of IExpress in Windows 10Developer s MicrosoftOperating systemWindows NTTypeSelf contained installation packages maker Contents 1 Overview 2 Security 3 See also 4 References 5 External linksOverview editIExpress IEXPRESS EXE can be used for distributing self contained installation packages INF based setup executables to multiple local or remote Windows computers It creates a self extracting executable EXE or a compressed Cabinet CAB file using either the provided front end interface IExpress Wizard or a custom Self Extraction Directive SED file 1 SED files can be modified with any plain text ASCII editor like Notepad All self extracting files created by IExpress use CAB compression algorithms are compressed using the Cabinet Maker a href MAKECAB EXE html class mw redirect title MAKECAB EXE MAKECAB EXE a tool 2 and are extracted using the WExtract a href WEXTRACT EXE html class mw redirect title WEXTRACT EXE WEXTRACT EXE a tool IEXPRESS EXE is located in the SYSTEM32 folder of both 32 and 64 bit installations of Windows The front end interface IExpress Wizard can be started by manually navigating to the respective directory and opening the executable IExpress exe or by typing IExpress into the Run window of the Start Menu It can also be used from the command line Windows Command Prompt or batch file to create custom installation packages eventually unattended automated operation IEXPRESS N drive letter directory name file name SEDIExpress Wizard interface guides the user through the process of creating a self extracting package It asks what the package should do extract files and then run a program or just extract files It then allows the user to specify a title for the package add a confirmation prompt add a license agreement that the end user must accept in order to allow extraction select files to be archived set display options for the progress window and finally specify a message to display upon completion If the option to create an archive and run a program is selected then there will be an additional step prompting the user to select the program that will be run upon extraction Security editThe self extracting packages created with IExpress have inherent vulnerabilities which allow arbitrary code execution because of the way they handle their installation command and their command line processing 3 4 Additionally because of the way Windows User Account Control handles installers these vulnerabilities allow a privilege escalation 5 6 More specifically the vulnerability comes in two versions the most obvious one is that a c switch tells the package to run an arbitrary command in the extracted directory 6 the other is that the directory is predictable and writable by any ordinary user so that the usual msiexec exe command can be replaced by an attack payload 5 The latter has been fixed by Microsoft in MS14 049 but the former is only addressed by a policy to deprecate IExpress 6 There is also a DLL hijacking exploit possible with IExpress 7 See also editList of installation softwareReferences edit MDGx INF Guide SED Overview MS TechNet IExpress Technology and the IExpress Wizard MS Knowledge Base Command line switches for IExpress software update packages MS TechNet IExpress command line options a b FullDisclosure Defense in depth the Microsoft way part 11 privilege escalation for dummies a b c FullDisclosure Defense in depth the Microsoft way part 33 yet another trivial UAC bypass resp privilege escalation Microsoft IExpress DLL Hijacking Packet Storm packetstormsecurity com External links editMSDN Using IExpress Wizard to Create a DPInst Installation Package MS TechNet IExpress Technology and the IExpress Wizard MDGx Internet Explorer Administration Kit IEAK Guides Resources amp Downloads MDGx Complete INF IEAK Guide MDGx Setup Information INF amp Self Extraction Directive SED files Guides Resources amp Downloads Retrieved from https en wikipedia org w index php title IExpress amp oldid 1172886082, wikipedia, wiki, book, books, library,
