Well, the do not "exploit the http port", but the application that is running bound to that port (it's just a way of defining stuff more clearly). If you've read the other threads mentioned you know by now you system is not vulnerable to this IIS crap, but in general you could say applications are vulnerable when they do not validate input properly, for instance for expected value length. Under such circumstances it would be possible to supply arguments that will force execution of something else (unexpected, but then again
Nobody Expects The Spanish Inquisition :-] ).
This is what they call a buffer overflow or BO for short.
Here's some docs you may want to read.
If not, then at least read
A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks and
A Buffer Overflow Study because they provide explanation and guidance on how to minimalize risks.
Also search this forum for the basic security docs, we're posting it aprox. once each month. Apache docs can be found easily Googling the web.