I wrote a page about MD5 collisions and the dangers of signing binary files.
Some vulnerabilities I discovered that have been made public: