What is the core vulnerability in CVE-2021-31196 and what conditions must be met for exploitation?
CVE-2021-31196 is a logic vulnerability in Microsoft Exchange Server (2013 or later) where the `Update-ExchangeHelp` cmdlet downloads and extracts CAB files without validating file paths, leading to arbitrary file write via directory traversal. Exploitation requires a man-in-the-middle attacker to hijack requests to the URL `http://go.microsoft.com/fwlink/p/?LinkId=287244` and an administrative user to run the `Update-ExchangeHelp` or `Update-ExchangeHelp -Force` command. This vulnerability was demonstrated at Pwn2Own 2021.
CVE-2021-31196, Microsoft Exchange Server, directory traversal, man-in-the-middle, Update-ExchangeHelp, arbitrary file write