CVE-2019-2612
Information
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks on this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and the unauthorized ability to cause a partial denial of service (partial DoS) of Oracle Outside In Technology.
Crash Dump:
Stack
MSVCR120.dll!strstr + 0x17F (this frame is irrelevant to this bug) [[f:\dd\vctools\crt\crtw32\string\i386\strstr_sse.inc @ 373]]
impsz2.dll + 0x1D22 (id: deb, no function symbol available)
impsz2.dll + 0x1F31 (id: 56b, no function symbol available)
impsz2.dll + 0x11D8 (no function symbol available)
vsgdsf.dll + 0xA563 (no function symbol available)
sccda.dll + 0x-1CDD2 (no function symbol available)
sccex.dll + 0x-3B4F24 (no function symbol available)
pxsample.exe + 0x6DC058DA (no function symbol available)
pxsample.exe + 0x110D (no function symbol available)
pxsample.exe + 0x1282 (no function symbol available)
Registers
eax = 0x89B9010 xmm0 = 0x53502125000065626F64412D53502125
ebx = 0x0 xmm1 = 0x0
ecx = 0x10 xmm2 = 0x0
edx = 0x53502125 xmm3 = 0x0
esi = 0x8906328 xmm4 = 0x0
edi = 0x6C02604C xmm5 = 0x0
esp = 0xB9EBB4 xmm6 = 0x40E8366885E3095FDD486A29E4929F57
ebp = 0xB9EC04 xmm7 = 0x1
Disassembly of stack frame 2 at impsz2.dll + 0x1D22
6c021c5d c745cc80000000 mov dword ptr [ebp-34h],80h
6c021c64 eb6e jmp impsz2!EscapeSetup+0x3f4 (6c021cd4)
6c021c66 6a00 push 0
6c021c68 6a00 push 0
6c021c6a 8b4508 mov eax,dword ptr [ebp+8]
6c021c6d 8b4804 mov ecx,dword ptr [eax+4]
6c021c70 51 push ecx
6c021c71 e88a0b0000 call impsz2!IMSGetFilterVersion+0x310 (6c022800)
6c021c76 83c40c add esp,0Ch
6c021c79 6a01 push 1
6c021c7b 8d55dc lea edx,[ebp-24h]
6c021c7e 52 push edx
6c021c7f 684460026c push offset impsz2!ImportEmbeddedGR+0x24e4 (6c026044)
6c021c84 8b4508 mov eax,dword ptr [ebp+8]
6c021c87 8b4804 mov ecx,dword ptr [eax+4]
6c021c8a 51 push ecx
6c021c8b e86a0b0000 call impsz2!IMSGetFilterVersion+0x30a (6c0227fa)
6c021c90 83c410 add esp,10h
6c021c93 83f801 cmp eax,1
6c021c96 7533 jne impsz2!EscapeSetup+0x3eb (6c021ccb)
6c021c98 817ddcc5d0d3c6 cmp dword ptr [ebp-24h],0C6D3D0C5h
6c021c9f 752a jne impsz2!EscapeSetup+0x3eb (6c021ccb)
6c021ca1 837de4fe cmp dword ptr [ebp-1Ch],0FFFFFFFEh
6c021ca5 7508 jne impsz2!EscapeSetup+0x3cf (6c021caf)
6c021ca7 83c8ff or eax,0FFFFFFFFh
6c021caa e9a6000000 jmp impsz2!EscapeSetup+0x475 (6c021d55)
6c021caf 837de000 cmp dword ptr [ebp-20h],0
6c021cb3 740e je impsz2!EscapeSetup+0x3e3 (6c021cc3)
6c021cb5 837de400 cmp dword ptr [ebp-1Ch],0
6c021cb9 7408 je impsz2!EscapeSetup+0x3e3 (6c021cc3)
6c021cbb 8b55e0 mov edx,dword ptr [ebp-20h]
6c021cbe 8955cc mov dword ptr [ebp-34h],edx
6c021cc1 eb08 jmp impsz2!EscapeSetup+0x3eb (6c021ccb)
6c021cc3 83c8ff or eax,0FFFFFFFFh
6c021cc6 e98a000000 jmp impsz2!EscapeSetup+0x475 (6c021d55)
6c021ccb eb07 jmp impsz2!EscapeSetup+0x3f4 (6c021cd4)
6c021ccd 33c0 xor eax,eax
6c021ccf e981000000 jmp impsz2!EscapeSetup+0x475 (6c021d55)
6c021cd4 6800010000 push 100h
6c021cd9 e8c20a0000 call impsz2!IMSGetFilterVersion+0x2b0 (6c0227a0)
6c021cde 83c404 add esp,4
6c021ce1 8945d4 mov dword ptr [ebp-2Ch],eax
6c021ce4 837dd400 cmp dword ptr [ebp-2Ch],0
6c021ce8 7468 je impsz2!EscapeSetup+0x472 (6c021d52)
6c021cea 6a00 push 0
6c021cec 8b45cc mov eax,dword ptr [ebp-34h]
6c021cef 50 push eax
6c021cf0 8b4d08 mov ecx,dword ptr [ebp+8]
6c021cf3 8b5104 mov edx,dword ptr [ecx+4]
6c021cf6 52 push edx
6c021cf7 e8040b0000 call impsz2!IMSGetFilterVersion+0x310 (6c022800)
6c021cfc 83c40c add esp,0Ch
6c021cff 8b45d4 mov eax,dword ptr [ebp-2Ch]
6c021d02 50 push eax
6c021d03 8b4d08 mov ecx,dword ptr [ebp+8]
6c021d06 51 push ecx
6c021d07 e864000000 call impsz2!EscapeSetup+0x490 (6c021d70)
6c021d0c 83c408 add esp,8
6c021d0f 85c0 test eax,eax
6c021d11 7533 jne impsz2!EscapeSetup+0x466 (6c021d46)
6c021d13 684c60026c push offset impsz2!ImportEmbeddedGR+0x24ec (6c02604c)
6c021d18 8b55d4 mov edx,dword ptr [ebp-2Ch]
6c021d1b 52 push edx
6c021d1c ff15ec50026c call dword ptr [impsz2!ImportEmbeddedGR+0x158c (6c0250ec)] // call
6c021d22 83c408 add esp,8 // return address
6c021d25 85c0 test eax,eax
6c021d27 7516 jne impsz2!EscapeSetup+0x45f (6c021d3f)
6c021d29 685860026c push offset impsz2!ImportEmbeddedGR+0x24f8 (6c026058)
6c021d2e 8b45d4 mov eax,dword ptr [ebp-2Ch]
6c021d31 50 push eax
6c021d32 ff15ec50026c call dword ptr [impsz2!ImportEmbeddedGR+0x158c (6c0250ec)]
6c021d38 83c408 add esp,8
6c021d3b 85c0 test eax,eax
6c021d3d 7407 je impsz2!EscapeSetup+0x466 (6c021d46)
6c021d3f c745c801000000 mov dword ptr [ebp-38h],1
6c021d46 8d4dd4 lea ecx,[ebp-2Ch]
6c021d49 51 push ecx
6c021d4a e8110a0000 call impsz2!IMSGetFilterVersion+0x270 (6c022760)
6c021d4f 83c404 add esp,4
6c021d52 8b45c8 mov eax,dword ptr [ebp-38h]
6c021d55 8b4dfc mov ecx,dword ptr [ebp-4]
6c021d58 33cd xor ecx,ebp
6c021d5a e8c50a0000 call impsz2!IMSGetFilterVersion+0x334 (6c022824)
6c021d5f 8be5 mov esp,ebp
6c021d61 5d pop ebp
6c021d62 c3 ret
6c021d63 cc int 3
6c021d64 cc int 3
6c021d65 cc int 3
6c021d66 cc int 3
6c021d67 cc int 3
6c021d68 cc int 3
6c021d69 cc int 3
6c021d6a cc int 3
6c021d6b cc int 3
6c021d6c cc int 3
6c021d6d cc int 3
6c021d6e cc int 3
6c021d6f cc int 3
6c021d70 55 push ebp
6c021d71 8bec mov ebp,esp
6c021d73 83ec18 sub esp,18h
6c021d76 c745ec00000000 mov dword ptr [ebp-14h],0
6c021d7d c645ff00 mov byte ptr [ebp-1],0
6c021d81 8b4508 mov eax,dword ptr [ebp+8]
6c021d84 83780800 cmp dword ptr [eax+8],0
6c021d88 7470 je impsz2!EscapeSetup+0x51a (6c021dfa)
6c021d8a c745f400000000 mov dword ptr [ebp-0Ch],0
6c021d91 8b4d08 mov ecx,dword ptr [ebp+8]
6c021d94 8b550c mov edx,dword ptr [ebp+0Ch]
6c021d97 035108 add edx,dword ptr [ecx+8]
6c021d9a 52 push edx
6c021d9b e87e0a0000 call impsz2!IMSGetFilterVersion+0x32e (6c02281e)
6c021da0 83c404 add esp,4
PoC
Attached
Attachments:
id_000046_00
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-2612
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html