The emulator behind the Nintendo 3DS' Virtual Console is usually locked down to only run ROMs officially distributed through the Nintendo eShop. A new exploit released this week, however, opens the platform to load and run any existing Game Boy or Game Boy Color ROM.
The exploit relies on a buffer overflow error in the current version of the 3DS' Web browser. When loaded with specific timing, this overflow can be used to replace a legitimately purchased Game Boy Color game in the Virtual Console's memory with a ROM loaded on an SD card or stored at a Web address, as long as both ROMs are the same size. Game Boy Advance games currently aren't supported by the hack, and in-game saving functions don't work on side-loaded ROMs, though users can store progress using the Virtual Console's save state function.
While the exploit seems to work with any 3DS firmware up to the latest release (9.4), it doesn't seem to work with the Web browser found on the new 3DS that will launch in the US next month. This suggests it will be trivial for Nintendo to patch the memory hole out in a future release of the 3DS firmware and Web browser.