[EDIT] (25/02/07): It seems that this method doesn't completely work, so please read the comments to find more info, because otherwise this isn't going to do you any good.
Anyway, to take a leaf out of Sylvan von Stuppe's book, I'd like to recommend a way to do (the equivalent of) output filtering, rather than input validation, to stop this issue.
In all other situations where we don't need to allow certain HTML, we can simply encode all output in the appropriate character set, and we're safe.
And there is no reason we would ever need to allow users to upload images which get interpreted as HTML files, and therefore served as such.
So, having established (at least in my view) that output filtering is the way to go, how would we go about doing this without altering the image?
Well, in this case it's easy enough: all we need to do is use a header that IE does respect, the Content-Disposition header. We may also send a Content-Type header of application/octet-stream, or we may not, depending on how paranoid we are and how much we want to (possibly) break things.
There are several ways to do this.
On Apache, the best solution is to use mod_headers to send the header for all files in a particular directory, and move all your uploads there.
Microsoft provides an explanation of how you can achieve the same on IIS here: http://support.microsoft.com/kb/q260519/
You can, of course, also set PHP or any other server-side language as the handler for all the files in a directory, and then use the header() (or similar) function to send the Content-Disposition header to the browser.
Of course, this might be annoying if a user does something like right-click on an image and click "view image", but this is a minor inconvenience IMO.
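To make the handler approach concrete, here is an added example (not code from the original post) written as a Python WSGI handler, which stands in for the PHP header() route. The names `make_app`, `download_headers` and the `paranoid` switch are assumptions made for illustration.

```python
import mimetypes
import os
from wsgiref.util import FileWrapper


def download_headers(name, size, paranoid=True):
    """Response headers that ask the browser to save the file, not render it."""
    # Restrict the advertised file name to a conservative ASCII set so it
    # cannot break out of the quoted-string or inject another header.
    safe = "".join(c if c.isascii() and (c.isalnum() or c in "._-") else "_"
                   for c in name)
    if paranoid:
        ctype = "application/octet-stream"
    else:
        # Declare the type implied by the extension, as a static server would.
        ctype = mimetypes.guess_type(name)[0] or "application/octet-stream"
    return [
        ("Content-Type", ctype),
        ("Content-Length", str(size)),
        ("Content-Disposition", 'attachment; filename="%s"' % safe),
    ]


def make_app(upload_dir, paranoid=True):
    """WSGI handler for every file in upload_dir (assumed directory layout)."""
    root = os.path.realpath(upload_dir)

    def app(environ, start_response):
        # Use only the last path component, then confirm the resolved path
        # still sits directly inside the upload directory.
        name = os.path.basename(environ.get("PATH_INFO", ""))
        path = os.path.realpath(os.path.join(root, name))
        if not name or os.path.dirname(path) != root or not os.path.isfile(path):
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        headers = download_headers(name, os.path.getsize(path), paranoid)
        start_response("200 OK", headers)
        return FileWrapper(open(path, "rb"))

    return app
```

Every upload gets the same headers regardless of what its bytes contain, so the image itself is never altered.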