I just wrote this script. Its available at code . google . com / p / pdfinjector/
It injects the Collab getIcon exploit into any non-password protected PDFs.
You can check out the video here.
bit.ly / 10KxOD
I'm thinking of integrating it with some MITM tools for pdf on the fly replacement either via iframe or normal link replacement or integrating some email sending functions into the script.
I have only tested this in BT4 and Windows XP. Let me know if this doesnt work for you. Thanks