Versions of Microsoft Windows 2000 and Windows Server 2003 use the Web Proxy Autodiscovery Protocol (WPAD) within Internet Explorer. WPAD allows IE to locate a Web proxy's auto-config file and thus configure the browser's proxy settings. The way the system is currently implemented, a malicious user could configured a WINS or DNS proxy server on a site, then when a vulnerable IE browser connects, intercept all subsequent traffic.
Microsoft: Advisory 934864
CNET News.com: Windows weakness can lead to network traffic hijacks