An exploit is a program, piece of code, or set of commands designed to take advantage of a vulnerability in a software system. Hackers use exploits to gain access to a system, elevate that access to administrator (or root) permissions, then use that access to install malware, extract information, or disrupt operations.
Vulnerabilities in a software system can take many forms. Some vulnerabilities are the result of bugs or oversights in the software code; others come from mistakes made by a system administrator during configuration. Likewise, exploits can target systems in many ways. Some exploits target vulnerabilities in web browsers, email clients, or other software that opens files from the Internet. Others spread on their own over a computer network: after the first computer is infected by other means, they scan nearby computers and automatically run the exploit on any that are vulnerable.
Once an exploit is known to the developer of the vulnerable software, the developer can issue a hotfix to patch the hole. The longer a vulnerability is known, the greater the number of hackers who have access to it, so it is important to regularly install security updates and antivirus definitions. An exploit used by hackers before it is known to the affected software's developers is known as a zero-day exploit, since the developer had zero days of notice to issue a patch and must work quickly to fix it.
NOTE: Many website and software companies operate bug bounty programs to encourage ethical hackers to find and report vulnerabilities before they can be exploited by criminal hackers.