This vulnerability was discovered and disclosed (including example exploit code and suggestions regarding content to retrieve) by RedTeam Pentesting GmbH:

https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt

http://www.securityfocus.com/archive/1/archive/1/531255/100/0/threaded

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2205