
Getting to the point of arbitrary code execution is always more interesting than what you do with it after the fact.

To be able to take apart the game, find out when and where it does all this, then where you can manipulate things to input instructions, is a level of dedication that's admirable.



Sometimes even after you've come up with the exploit, you can create something really beautiful for the console to run afterwards.

Pokemon Yellow: https://www.youtube.com/watch?v=Vjm8P8utT5g

Super Mario World: https://www.youtube.com/watch?v=hB6eY73sLV0


Off topic, but hey is that you, Dan from the old Ti83 World? Thanks for the huge include file and I loved your work on DQM ;-)


Yes, that's me.


Yeah, but once you get to arbitrary code execution, everything is on the table. It's about as interesting as just creating it from scratch. The "something" stands on its own merits, separate from how it was created.


Not everything, depends on the system. On the NES, for example, you can only mess around with RAM if you find ACE, but if the cartridge is using CHR ROM, whatever you create with ACE must still use the only tileset available to the game. You can get creative drawing graphics with a fixed set of tiles, but you'll be constrained nonetheless.

There may be other constraints for other systems. I don't know the SNES architecture too well, but I assume even with ACE you're still limited in various ways to the constraints of the cartridges.


SNES does not put video memory on CHR-ROM, it's all writable RAM. The restriction is total RAM available (including cartridge save ram), possibly calling functions or using data from the original ROM.


I particularly like the Super Mario World one. Arbitrary code execution is triggered by an actual shell code. As in, it is done by manipulating Koopa shells in game.



