The implementation of SSL in IE is vulnerable to MitM attacks by anyone who has a Verisign-signed certificate.

Details in the usual places.