According to Microsoft"s bulletin on the matter, "two vulnerabilities have been identified in the way IE handles digital certificates. When a connection to a secure server is made via either an image or a frame, IE only verifies that the server’s SSL certificate was issued by a trusted root – it does not verify the server name or the expiration date. When a connection is made via any other means, all expected validation is performed.
\[The second issue is that\] even if the initial validation is made correctly, IE does not re-validate the certificate if a new SSL session is established with the same server during the same IE session.
The circumstances under which these vulnerabilities could be exploited are fairly restricted. In both cases, it is likely that the attacker would need to either carry out DNS cache poisoning or physically replace the server in order to successfully carry out an attack via this vulnerability. The timing would be especially crucial in the second case, as the malicious user would need to poison the cache or replace the machine during the interregnum between the two SSL sessions."