There's no particular reason to worry about it - the report is rather an exaggeration of what is possible - this is only an issue if you are able to convince an IE user to directly visit an uploaded image, it is not possible to include it in a post for example.
There will be a fix in the next release to tighten up on the checking we do on images even more.
If you are particularly concerned, you can disable avatar uploads (they are off by default anyway), but the risk is fairly minor from this (and is potentially applicable to any software that allows image uploads not just phpBB)
"So Long, and Thanks for All the Fish"
phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!