A flaw in Microsoft Internet Explorer allows an attacker to perform a SSL Man-In-The-Middle attack without the majority of users recognising it. In fact the only way to detect the attack is to manually compare the server name with the name stored in the certificate.

You can read more in the original article here.