There is no validation code in IPB to check the content of image files.
The only way to protect these exploits is using ACP -> Security Center -> IP.Board PHP/CGI .htaccess Protection but this is useless for Windows server. Blocking scripts in uploads file is a solution, but IPB should block before that.
A simple search for <php or base64 inside any image file being uploaded is enough.
I understand, but there are plenty of CSS menu systems over the web and I chosed ProMenu because it should be a simple install-and-run IPB app as many others I bought. I installed ProMenu two days ago, it's still not working and I need to publish our new discussion board during this weekend. I simply can't wait too long for support.