IExpress, a component of Windows 2000 and later versions of the operating system, is used to create self-extracting packages from a set of files. Such packages can be used to install software.


Overview

IExpress (IEXPRESS.EXE) can be used for distributing self-contained installation packages (INF-based setup executables) to multiple local or remote Windows computers. It creates a self-extracting executable (.EXE) or a compressed Cabinet (.CAB) file using either the provided front end interface (IExpress Wizard) or a custom Self Extraction Directive (SED) file. SED files can be modified with any plain text/ASCII editor, like Notepad. All self-extracting files created by IExpress use CAB compression algorithms, are compressed using the Cabinet Maker (MAKECAB.EXE) tool, and are extracted using the WExtract (WEXTRACT.EXE) tool.

IEXPRESS.EXE is located in the SYSTEM32 folder of both 32 and 64-bit installations of Windows. The front end interface (IExpress Wizard) can be started by manually navigating to the respective directory and opening the executable (IExpress.exe), or by typing IExpress into the Run window of the Start Menu. It can also be used from a Windows command processor shell or batch file to create custom installation packages, optionally unattended (automated operation):

IEXPRESS /N drive_letter:\directory_name\file_name.SED

The IExpress Wizard interface guides the user through the process of creating a self-extracting package. It asks what the package should do: extract files and then run a program, or just extract files. It then allows the user to specify a title for the package, add a confirmation prompt, add a license agreement that the end-user must accept in order to allow extraction, select files to be archived, set display options for the progress window, and finally, specify a message to display upon completion. If the option to create an archive and run a program is selected, then there will be an additional step, prompting the user to select the program that will be run upon extraction.
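The SED file records the wizard choices described above, so it can be reviewed before a package is built. The following is an added example, not part of the original article or of any Microsoft tooling: a small Python reader that reports what a SED file packages and which command it launches. The sample SED, its paths and file names are constructed; the section and key names are assumed to match those the IExpress Wizard writes.

```python
import configparser

# Constructed sample SED (not from the page); paths and file names are made up.
SAMPLE_SED = r"""
[Version]
Class=IEXPRESS
SEDVersion=3
[Options]
PackagePurpose=InstallApp
TargetName=%TargetName%
AppLaunched=%AppLaunched%
SourceFiles=SourceFiles
[Strings]
TargetName=C:\build\setup.exe
AppLaunched=cmd /c install.cmd
FILE0="install.cmd"
FILE1="app.inf"
[SourceFiles]
SourceFiles0=C:\build\src\
[SourceFiles0]
%FILE0%=
%FILE1%=
"""

def resolve(cp, value):
    """Expand a %Name% reference through [Strings] and drop surrounding quotes."""
    v = value.strip()
    if len(v) > 2 and v[0] == v[-1] == "%":
        v = cp.get("Strings", v[1:-1], fallback="")
    return v.strip().strip('"')

def summarize_sed(text):
    """Return what the package is for, what it runs and which files it carries."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case so %FILE0% keys survive as written
    cp.read_string(text)
    opt = cp["Options"]
    # [SourceFiles] names one section per source directory; each lists its files as keys
    files = [resolve(cp, key)
             for section in cp[opt.get("SourceFiles", "SourceFiles")]
             for key in cp[section]]
    command = resolve(cp, opt.get("AppLaunched", ""))
    return {
        "purpose": opt.get("PackagePurpose"),  # InstallApp = extract, then run
        "target": resolve(cp, opt.get("TargetName", "")),
        "command": command,
        "files": files,
        "runs_packaged": [f for f in files if f.lower() in command.lower()],
    }
```

Calling summarize_sed(SAMPLE_SED) returns a dictionary a reviewer can compare against the intended package contents; the runs_packaged entry lists the packaged files the install command refers to by name.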


Security

The self-extracting packages created with IExpress have (inherent) vulnerabilities which allow arbitrary code execution because of the way they handle their installation command and their command line processing. Additionally, because of the way Windows User Account Control handles installers, these vulnerabilities allow for privilege escalation. (FullDisclosure: "Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies"; FullDisclosure: "Defense in depth -- the Microsoft way (part 33): yet another (trivial) UAC bypass resp. privilege escalation")

Specifically, the two inherent vulnerabilities in IExpress are:

* a switch tells the package to run an arbitrary command in the extracted directory, and
* the directory is predictable and writable by any ordinary user, resulting in the usual command being user-replaceable by an attack payload.

The latter point has been fixed by Microsoft in MS14-049, but the former is only addressed by a policy to deprecate IExpress. In addition, a DLL hijacking exploit is also possible with IExpress.


See also

* List of installation software


References


External links

* MSDN: Using IExpress Wizard to Create a DPInst Installation Package
* MS TechNet: IExpress Technology and the IExpress Wizard
* MDGx
* MDGx: http://www.mdgx.com/INF_web/ Complete INF + IEAK Guide
* MDGx: Setup Information (INF) & Self Extraction Directive (SED) files: Guides, Resources & Downloads