1

Some web application security scanners like Skipfish report the vulnerability "Generic MIME used". In my case this vulnerability was reported for resources like http://my_site/fonts/fontawesome-webfont.ttf, for which the Content-Type header returned with the response was application/octet-stream.

Is it possible to exploit this kind of vulnerability or is it just a false positive?

user187205

2 Answers

1

Strictly speaking it is not a vulnerability but it is a security issue because the visitor's browser (or more accurately, the User Agent) is being given information that could be processed

  • at a minimum, wrongly.
  • possibly execute server-supplied code in an unintended context

Is it possible to exploit this kind of vulnerability?

I don't see how your server would be directly at any technical risk due to this. Your clients (visitors to your site) would be, thus exposing you to other risks such as reputation risk and/or legal risk.

Sas3
-1

Yes, the code is a default set and MIME types can be exploited. The defaults are not secure, but usually meant to demonstrate a basic functionality. https://www.exploit-db.com/search/?action=search&q=MIME
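
An added example (not from the question or either answer): a Python check that reproduces the finding from the question over captured response headers, flagging resources served as application/octet-stream or with no Content-Type and suggesting the registered type for the file extension. The generic-type list, the extension map, the X-Content-Type-Options check and the sample responses are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Types treated as "generic" (assumption: the scanner's exact list is not on the page).
GENERIC_TYPES = {"", "application/octet-stream"}

# Registered types for common static assets (the font/* types come from RFC 8081).
EXPECTED_BY_EXT = {
    ".ttf": "font/ttf", ".otf": "font/otf",
    ".woff": "font/woff", ".woff2": "font/woff2",
    ".eot": "application/vnd.ms-fontobject",
    ".svg": "image/svg+xml", ".js": "text/javascript", ".css": "text/css",
}

def media_type(headers):
    """Return the lowercased media type without parameters, '' if absent."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""

def has_nosniff(headers):
    """True if the response tells the browser not to guess the type itself."""
    return any(n.lower() == "x-content-type-options" and v.strip().lower() == "nosniff"
               for n, v in headers.items())

def audit(responses):
    """Return one finding per response served with a generic or missing type."""
    findings = []
    for url, headers in responses:
        served = media_type(headers)
        if served not in GENERIC_TYPES:
            continue
        ext = posixpath.splitext(urlsplit(url).path)[1].lower()
        findings.append({
            "url": url,
            "served": served or "(missing)",
            "suggested": EXPECTED_BY_EXT.get(ext),  # None when no mapping is known
            "nosniff": has_nosniff(headers),
        })
    return findings

# Constructed sample responses; the first mirrors the case in the question.
SAMPLE = [
    ("http://my_site/fonts/fontawesome-webfont.ttf",
     {"Content-Type": "application/octet-stream"}),
    ("http://my_site/css/site.css?v=3",
     {"content-type": "text/css; charset=utf-8", "X-Content-Type-Options": "nosniff"}),
    ("http://my_site/fonts/fontawesome-webfont.woff2",
     {"X-Content-Type-Options": "nosniff"}),
]
```

A finding with `nosniff` set to False is the case where the browser is left to guess how to handle the resource; setting the suggested type on the server clears the scanner report.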