How does this milw0rm heap spraying exploit work?

Question

I usually do not have difficulty to read JavaScript code but for this one I can’t figure out the logic. The code is from an exploit that has been published 4 days ago. You c

Answer 1

See Character encodings in HTML.

It's binary data encoded as a string, which JavaScript is decoding.

Common form of XSS also.

You can see all the encoding tricks here:

http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project