Don Clark reports in the Wall. St. Journal this morning on a bug in Internet Explorer which can be used to spoof site certificates. The flaw could be exploited by an attacker to setup a site which appears to be genuine — including an SSL session — but which is bogus.
See Mike Benham’s original report for details.