IExpress

From Wikipedia, the free encyclopedia
IExpress
A component of Microsoft Windows
IExpress.png
Windows Vista IExpress.png
Screenshot of IExpress in Windows Vista
Details
Type Self-contained installation packages maker
Included with Windows 2000 and later
Also available for Internet Explorer Administration Kit releases 4, 5 and 6, Internet Explorer 6

IExpress, a component of Windows 2000 and later, is used to create self-extracting packages from a set of files. Such packages can be used to install software.

Overview

IExpress (IEXPRESS.EXE) can be used for distributing self-contained installation packages (INF-based setup executables) to multiple local or remote Windows computers. It creates a self-extracting executable (.EXE) or a compressed Cabinet (.CAB) file using either the provided front end interface (IExpress Wizard), or a custom Self Extraction Directive (SED) file. [1] SED files can be modified with any plain text/ASCII editor, like Notepad. All self-extracting files created by IExpress use CAB compression algorithms, are compressed using the MakeCab (MAKECAB.EXE) tool, [2] and are extracted using the WExtract (WEXTRACT.EXE) tool.

IEXPRESS.EXE is located in the SYSTEM32 folder of both Windows 32 and 64-bit installations. The front end interface (IExpress Wizard) can be started by manually navigating to the respective directory and opening the executable (IExpress.exe), or by typing IExpress into the Run window of the Start Menu. It can also be used from the command line (Windows Command Prompt or batch file) to create custom installation packages, eventually unattended (automated operation):

IEXPRESS /N drive_letter:\directory_name\file_name.SED

IExpress Wizard interface guides the user through the process of creating a self-extracting package. It asks what the package should do: extract files and then run a program, or just extract files. It then allows the user to specify a title for the package, add a confirmation prompt, add a license agreement that the end-user must accept in order to allow extraction, select files to be archived, set display options for the progress window, and finally, specify a message to display upon completion.
If the option to create an archive and run a program is selected, then there will be an additional step, prompting the user to select the program that will be run upon extraction.

Security

The self-extracting packages created with IExpress have (inherent) vulnerabilities which allow arbitrary code execution because of the way they handle their installation command and their command line processing.[3][4] Additionally, because of the way Windows User Account Control handles installers, these vulnerabilities allow a privilege escalation.[5][6]

See also

References

  1. ^ MDGx: INF Guide: SED Overview
  2. ^ MS TechNet: IExpress Technology and the IExpress Wizard
  3. ^ MS Knowledge Base: Command-line switches for IExpress software update packages
  4. ^ MS TechNet: IExpress command-line options
  5. ^ FullDisclosure: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
  6. ^ FullDisclosure: Defense in depth -- the Microsoft way (part 33): yet another (trivial) UAC bypass resp. privilege escalation

External links

  • MSDN: Using IExpress Wizard to Create a DPInst Installation Package
  • MS TechNet: IExpress Technology and the IExpress Wizard
  • MDGx: Internet Explorer Administration Kit (IEAK): Guides, Resources & Downloads
  • MDGx: Complete INF + IEAK Guide
  • MDGx: Setup Information (INF) & Self Extraction Directive (SED) files: Guides, Resources & Downloads
Retrieved from "https://en.wikipedia.org/w/index.php?title=IExpress&oldid=797307267"
This content was retrieved from Wikipedia : http://en.wikipedia.org/wiki/IExpress
This page is based on the copyrighted Wikipedia article "IExpress"; it is used under the Creative Commons Attribution-ShareAlike 3.0 Unported License (CC-BY-SA). You may redistribute it, verbatim or modified, providing that you comply with the terms of the CC-BY-SA