Although I'm not an MPLS user, I've come across some similar issues where I wanted to restrict telnet access to various IP addresses assigned to a router in an access-class, but found that the destination component was being represented as 0.0.0.0. The only way that I could end up restricting telnet access with the level of granularity I wanted was to use a local policy route-map to modify the behaviour of the response traffic.