Exploits against zeroconf, network printer clients, etc.?

So on Windows you have a bunch of network services and stuff running by default:
- Zeroconf, I think this is for automatic discovery of shared network devices
- The print spooler with support for network printers
- The Microsoft network client, in case you want to join a local network

There are probably others too... My question is, how exploitable are these services when they do not open listening ports, or when their ports are blocked by a firewall?

I already know that
- Conficker exploited a hole in the network client, but IIRC some firewalls could block it.
- Flame exploited a hole in the print spooler
- It's sometimes possible to bypass a stateful firewall and attack the open ports underneath

But how many ITW exploits involve attacking a network service that doesn't listen on a port, or that has its listening port blocked? Such services still parse input, so they're still likely to be vulnerable somehow, right?

 

If the port is closed the code won't be interacted with or take input. You need to interact with the service to exploit it. All of those services could be exploited locally though if they can be accessed.