Well, here's one example. Say my email has been hacked and the hacker is using it to reset all my passwords to my other accounts. The email company naturally won't do anything about it, and it would be tough to get the law involved without the company's cooperation. This is where the ethical side of gray hat hacking comes into play. I don't think it would be outside the ethical restraints if I were to send him an undetectable keylogger so that I could get my online identity back. That's definitely a gray area, but is it unethical? If I had a lot to lose by allowing him to keep control of that address and those accounts, I would be tempted to say that no, it wouldn't be unethical. It would simply be self-defense.
That's just the first example that comes to mind, anyway. Little scenarios like this make me a bit hesitant to say that ethical applications do not exist. I'll readily admit they are few and far between, but nonexistent? I'm not so sure.