I’ve just released a blog post over at SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata
It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days.
I hope you enjoy it.