Well, there have been a whole host of attacks associated with vulnerable versions of Flash and Java that could at least cripple a profile. I ran up against one of them around 2010. One of the staff at one of our remote locations suddenly had all their files supposedly disappear, desktop wiped out and the like, and a notification about a ransom if they wanted the files back. The user had no admin privileges, so I checked, and sure enough, the other profiles were untouched. What had happened is the auto updater for the workstation had failed.
Now, while it's true that the operating system itself was not compromised, and no other systems or users on the network were compromised, certainly there was enough control to potentially view confidential data on shared drives. While this was relatively unsophisticated ransomware, it did teach me than merely obsessing about privilege escalation does not lead to a secure system. User profiles and directories can still potentially be vulnerable even if the malware can't root the system.