In this post, adam_smasher wrote:
ZSNES also has a known security flaw that allows for arbitrary code execution on the host machine.
So does the Super Game Boy, but that was intentional.
More to the point: So do Super Mario Bros. 3 (bug 4961), Super Mario World (bug 4156), and Pokémon Yellow Version (bug 3894). I wonder whether ZSNES's bug could be combined with the bug in SMW to take control of a PC from a movie file. And is there a guide to making your own exploit package, so I can (say) write a .sfc program with a "Check for updates" feature that detects whether a new version of the game is available and offers to download it?