
Same question here
"How does a firewall prevent a buffer overflow (in another app) through a tcp socket, except by closing the port? Any help?"
I think the news item writer might have blown it. Or, maybe I am missing something too.
You would have to do packet inspection that looked for the specific exploit to be able to block this. A regular firewall would either have the port wide open or would be port forwarding the packets blindly.