This term is used to describe exploit code that has been written to take advantage of a vulnerability before the software vendor knows about it and has had the chance to publish a patch for it.
The result is that would-be attackers are free to exploit the vulnerability, unless proactive exploit prevention technologies have been implemented to defend the computer being targeted by the attacker.