It would depend on the exploit. For a simple example, an exploit that was a result of a flaw in the file specification could result in it being cross platform.
It's going to be rarer to find something of that scope, maybe even to the point of you being effectively right.
Also dodgy files can contain multiple exploits, potentially for different platforms. Problem here from the malicious actor's point of view is that each vector for attack is also a vector for detection, so rather than a cesspool of exploits it makes more sense to use single new and mostly unknown exploit that targets software used by the greatest number of victims.
It's going to be rarer to find something of that scope, maybe even to the point of you being effectively right.