Possible IE XSS Attack
From Joomla! Documentation
Revision as of 20:20, 1 September 2013 by Tom Hutchison
This check ensures that an uploaded image doesn't flip IE6 into one of its weird quirks, where it takes a perfectly valid-looking image and treats it as a web page. This creates the potential for an XSS attack, wherein an uploaded file can be run on the server. It appears that this has been fixed in IE7 or greater.
The Joomla Media Manager runs a few checks to try to ensure that what is being uploaded is sane. If the file is an image, it attempts to check that the image has valid dimensions; for other file types, it attempts to validate that the MIME type is correct using fileinfo or mime magic. If you're an administrator or higher (super admin), these checks can be bypassed. The XSS check, however, can't be bypassed and is run even if all other checks pass.
Typically, if you have a look at the EXIF data of the image, there will be something resembling HTML that could trip IE up. The check errs on the safe side and prevents it. Stripping the HTML from the image metadata should fix the problem.
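
The kind of check described above can be sketched as follows. This is an added example, not Joomla's own code: the 256-byte window, the tag list, and all function names are assumptions chosen for illustration, and the sample files are constructed byte strings.

```python
import re

# Assumption: size of the leading window inspected for markup.
SNIFF_WINDOW = 256
# Assumption: a short illustrative tag list; a production list would be longer.
HTML_TAGS = (b"html", b"head", b"body", b"script", b"iframe", b"img", b"a",
             b"title", b"table", b"div", b"b", b"p", b"pre")

# "<tag" followed by whitespace, ">" or "/", so "<b>" matches but "<blob" does not.
_TAG_RE = re.compile(rb"<(" + b"|".join(HTML_TAGS) + rb")(?=[\s>/])", re.IGNORECASE)


def find_html_markers(data: bytes, window: int = SNIFF_WINDOW) -> list[str]:
    """Return the HTML tag names found in the first `window` bytes of a file."""
    head = data[:window]
    return sorted({m.group(1).decode("ascii").lower() for m in _TAG_RE.finditer(head)})


def upload_allowed(data: bytes) -> bool:
    """Reject the upload if its leading bytes contain anything resembling HTML."""
    return not find_html_markers(data)


def jpeg_with_comment(comment: bytes) -> bytes:
    """Build a constructed JPEG-like byte string: SOI, one COM segment, EOI."""
    length = (len(comment) + 2).to_bytes(2, "big")  # length field counts itself
    return b"\xff\xd8" + b"\xff\xfe" + length + comment + b"\xff\xd9"


# Constructed samples, not real uploads.
CLEAN = jpeg_with_comment(b"Taken 2013-09-01, exposure 1/250")
TAINTED = jpeg_with_comment(b"<HTML><body>caption</body></html>")
ANGLE_ONLY = jpeg_with_comment(b"ratio 3<4 <blob1>")  # '<' present, but no tag

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tainted", TAINTED), ("angle", ANGLE_ONLY)):
        print(name, "allowed" if upload_allowed(blob) else "rejected",
              find_html_markers(blob))
```

The tainted sample is rejected because its metadata comment contains HTML-like tags, which matches the advice to strip such markup from the image metadata before uploading.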