This vulnerability was discovered and disclosed (including example exploit code) by Nadeem Salim from Sense of Security Labs.

http://www.senseofsecurity.com.au/advisories/SOS-12-007