How is exploitation defined in this context?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

How is exploitation defined in this context?

Explanation:
Exploitation is the act of using a vulnerability to do something you shouldn’t be able to do: it’s the attacker’s method for turning a flaw into real impact, such as executing code, gaining unauthorized access, or leaking data. An exploit is usually a small program or crafted data that interacts with the flaw in the software to trigger unintended behavior. This is why the definition mentions a piece of software or data that takes advantage of a vulnerability to cause unintended behavior or gain access.

Patches are fixes for vulnerabilities, firewall changes are defensive controls, and backups are maintenance operations; none of these describes the attacker’s use of a flaw to reach a goal. An example would be sending input that overflows a buffer and executes malicious code on the system, which is exactly the kind of action exploitation encompasses.

