Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
https://exchange.xforce.ibmcloud.com/vulnerabilities/8118
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005