Remote code injection vulnerability detection method based on Web browser helper object

The invention discloses a remote code injection vulnerability detection method based on a Web browser helper object. The method comprises the following steps: building the browser helper object and deploying the built browser helper object on an object Web browser to be detected for executing an input address as a command line character string after decoding of character strings behind a trigger website when detection indicates that the header of the input address in the browser includes the trigger website; coding the command line character string CM, attaching the coded command line character string CM behind the trigger website for serving as a uniform resource locator L, and building a hypertext markup language file H; and lastly, accessing an address pointed by the uniform resource locator L in the H, and judging whether or not remote code injection vulnerability based on the Web browser helper object exists according to the execution or non-execution of remote code injection by the object Web server to be detected. The remote code injection vulnerability detection method has extremely high penetrability. The remote code injection vulnerability hidden deeply in the Web browser can be found, so that the security of the Web browser is enhanced.